./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2619531723 <...> (1713667464.955:64): avc: denied { rlimitinh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 12.880781][ T28] audit: type=1400 audit(1713667464.955:65): avc: denied { siginh } for pid=225 comm="sh" scontext=system_u:system_r:sshd_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 14.176733][ T226] sshd (226) used greatest stack depth: 22280 bytes left Warning: Permanently added '10.128.1.176' (ED25519) to the list of known hosts. execve("./syz-executor2619531723", ["./syz-executor2619531723"], 0x7ffe29bd5d40 /* 10 vars */) = 0 brk(NULL) = 0x555556fc5000 brk(0x555556fc5d40) = 0x555556fc5d40 arch_prctl(ARCH_SET_FS, 0x555556fc53c0) = 0 set_tid_address(0x555556fc5690) = 294 set_robust_list(0x555556fc56a0, 24) = 0 rseq(0x555556fc5ce0, 0x20, 0, 0x53053053) = -1 ENOSYS (Function not implemented) prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2619531723", 4096) = 28 getrandom("\x72\x0e\xb4\x57\xe6\xe8\x8c\x32", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556fc5d40 brk(0x555556fe6d40) = 0x555556fe6d40 brk(0x555556fe7000) = 0x555556fe7000 mprotect(0x7f5123b8f000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 295 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 296 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 297 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 298 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 299 ./strace-static-x86_64: Process 299 attached [pid 299] set_robust_list(0x555556fc56a0, 24) = 0 [pid 299] mkdir("./syzkaller.Jq2XFD", 0700) = 0 [pid 299] chmod("./syzkaller.Jq2XFD", 0777) = 0 [pid 299] chdir("./syzkaller.Jq2XFD") = 0 [pid 299] mkdir("./0", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 300 ./strace-static-x86_64: Process 300 attached [pid 300] set_robust_list(0x555556fc56a0, 24) = 0 [pid 300] chdir("./0") = 0 [pid 300] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 300] setpgid(0, 0) = 0 [pid 300] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 300] write(3, "1000", 4) = 4 [pid 300] close(3) = 0 [pid 300] symlink("/dev/binderfs", "./binderfs") = 0 [pid 300] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 300] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 300] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 300] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 300] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 300] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 ./strace-static-x86_64: Process 298 attached ./strace-static-x86_64: Process 297 attached ./strace-static-x86_64: Process 296 attached ./strace-static-x86_64: Process 295 attached [pid 300] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 298] set_robust_list(0x555556fc56a0, 24 [pid 297] set_robust_list(0x555556fc56a0, 24 [pid 296] set_robust_list(0x555556fc56a0, 24 [pid 295] set_robust_list(0x555556fc56a0, 24 [pid 298] <... set_robust_list resumed>) = 0 [pid 297] <... set_robust_list resumed>) = 0 [pid 296] <... set_robust_list resumed>) = 0 [pid 295] <... set_robust_list resumed>) = 0 [pid 300] <... clone3 resumed> => {parent_tid=[303]}, 88) = 303 [pid 298] mkdir("./syzkaller.eEVXFY", 0700 [pid 297] mkdir("./syzkaller.y4HR0F", 0700 [pid 296] mkdir("./syzkaller.3yNIsV", 0700 [pid 295] mkdir("./syzkaller.BxK6KV", 0700 [pid 300] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 303 attached NULL, 8) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] chmod("./syzkaller.eEVXFY", 0777 [pid 297] chmod("./syzkaller.y4HR0F", 0777 [pid 296] chmod("./syzkaller.3yNIsV", 0777 [pid 295] chmod("./syzkaller.BxK6KV", 0777 [pid 300] <... futex resumed>) = 0 [pid 298] <... chmod resumed>) = 0 [pid 297] <... chmod resumed>) = 0 [pid 296] <... chmod resumed>) = 0 [pid 295] <... chmod resumed>) = 0 [pid 300] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 298] chdir("./syzkaller.eEVXFY" [pid 297] chdir("./syzkaller.y4HR0F" [pid 296] chdir("./syzkaller.3yNIsV" [pid 295] chdir("./syzkaller.BxK6KV" [pid 298] <... chdir resumed>) = 0 [pid 297] <... chdir resumed>) = 0 [pid 296] <... chdir resumed>) = 0 [pid 295] <... chdir resumed>) = 0 [pid 298] mkdir("./0", 0777 [pid 297] mkdir("./0", 0777 [pid 296] mkdir("./0", 0777 [pid 295] mkdir("./0", 0777 [pid 298] <... mkdir resumed>) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 297] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 297] close(3 [pid 296] close(3 [pid 295] close(3 [pid 298] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 307 [pid 297] <... clone resumed>, child_tidptr=0x555556fc5690) = 306 [pid 296] <... clone resumed>, child_tidptr=0x555556fc5690) = 304 [pid 295] <... clone resumed>, child_tidptr=0x555556fc5690) = 305 [pid 303] set_robust_list(0x7f5123ac99a0, 24./strace-static-x86_64: Process 304 attached ) = 0 ./strace-static-x86_64: Process 306 attached ./strace-static-x86_64: Process 305 attached [pid 303] rt_sigprocmask(SIG_SETMASK, [], [pid 305] set_robust_list(0x555556fc56a0, 24 [pid 304] set_robust_list(0x555556fc56a0, 24 [pid 303] <... rt_sigprocmask resumed>NULL, 8) = 0 ./strace-static-x86_64: Process 307 attached [pid 306] set_robust_list(0x555556fc56a0, 24 [pid 305] <... set_robust_list resumed>) = 0 [pid 303] memfd_create("syzkaller", 0 [pid 307] set_robust_list(0x555556fc56a0, 24 [pid 306] <... set_robust_list resumed>) = 0 [pid 305] chdir("./0" [pid 304] <... set_robust_list resumed>) = 0 [pid 303] <... memfd_create resumed>) = 3 [ 21.964155][ T28] audit: type=1400 audit(1713667474.055:66): avc: denied { execmem } for pid=294 comm="syz-executor261" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 21.983926][ T28] audit: type=1400 audit(1713667474.055:67): avc: denied { read write } for pid=299 comm="syz-executor261" name="loop4" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 307] <... set_robust_list resumed>) = 0 [pid 307] chdir("./0") = 0 [pid 307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 307] setpgid(0, 0) = 0 [pid 307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 307] write(3, "1000", 4) = 4 [pid 307] close(3) = 0 [pid 307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 307] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 307] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[309]}, 88) = 309 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 306] chdir("./0") = 0 [pid 306] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 306] setpgid(0, 0) = 0 [pid 306] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 306] write(3, "1000", 4) = 4 [pid 306] close(3) = 0 [pid 306] symlink("/dev/binderfs", "./binderfs") = 0 [pid 306] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 306] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 306] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 306] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 306] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 306] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 306] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[310]}, 88) = 310 [pid 306] rt_sigprocmask(SIG_SETMASK, [], [pid 305] <... chdir resumed>) = 0 [pid 304] chdir("./0" [pid 303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 306] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 310 attached ./strace-static-x86_64: Process 309 attached ) = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 304] <... chdir resumed>) = 0 [pid 303] <... mmap resumed>) = 0x7f511b6a9000 [pid 306] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 310] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 310] memfd_create("syzkaller", 0) = 3 [pid 310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 310] munmap(0x7f511b6a9000, 138412032 [pid 309] set_robust_list(0x7f5123ac99a0, 24 [pid 305] <... prctl resumed>) = 0 [pid 304] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 310] <... munmap resumed>) = 0 [pid 310] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [ 22.009769][ T28] audit: type=1400 audit(1713667474.055:68): avc: denied { open } for pid=299 comm="syz-executor261" path="/dev/loop4" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 22.034846][ T28] audit: type=1400 audit(1713667474.055:69): avc: denied { ioctl } for pid=299 comm="syz-executor261" path="/dev/loop4" dev="devtmpfs" ino=118 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 310] ioctl(4, LOOP_SET_FD, 3 [pid 309] <... set_robust_list resumed>) = 0 [pid 305] setpgid(0, 0 [pid 304] <... prctl resumed>) = 0 [pid 303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 309] rt_sigprocmask(SIG_SETMASK, [], [pid 305] <... setpgid resumed>) = 0 [pid 304] setpgid(0, 0 [pid 303] <... write resumed>) = 1048576 [pid 309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 304] <... setpgid resumed>) = 0 [pid 309] memfd_create("syzkaller", 0 [pid 305] <... openat resumed>) = 3 [pid 304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 309] <... memfd_create resumed>) = 3 [pid 305] write(3, "1000", 4 [pid 304] <... openat resumed>) = 3 [pid 309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 305] <... write resumed>) = 4 [pid 304] write(3, "1000", 4 [pid 309] <... mmap resumed>) = 0x7f511b6a9000 [pid 305] close(3 [pid 304] <... write resumed>) = 4 [pid 310] <... ioctl resumed>) = 0 [pid 305] <... close resumed>) = 0 [pid 304] close(3 [pid 303] munmap(0x7f511b6a9000, 138412032 [pid 305] symlink("/dev/binderfs", "./binderfs" [pid 304] <... close resumed>) = 0 [pid 305] <... symlink resumed>) = 0 [pid 304] symlink("/dev/binderfs", "./binderfs" [pid 305] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... symlink resumed>) = 0 [pid 305] <... futex resumed>) = 0 [pid 304] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 304] <... futex resumed>) = 0 [pid 305] <... rt_sigaction resumed>NULL, 8) = 0 [pid 304] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 304] <... rt_sigaction resumed>NULL, 8) = 0 [pid 305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] <... mmap resumed>) = 0x7f5123aa9000 [pid 304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 305] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 304] <... mmap resumed>) = 0x7f5123aa9000 [pid 305] <... mprotect resumed>) = 0 [pid 304] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 310] close(3 [pid 309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 305] rt_sigprocmask(SIG_BLOCK, ~[], [pid 304] <... mprotect resumed>) = 0 [pid 310] <... close resumed>) = 0 [pid 303] <... munmap resumed>) = 0 [pid 305] <... rt_sigprocmask resumed>[], 8) = 0 [pid 304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 303] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 305] <... clone3 resumed> => {parent_tid=[311]}, 88) = 311 [pid 303] <... openat resumed>) = 4 [pid 305] rt_sigprocmask(SIG_SETMASK, [], [pid 304] <... clone3 resumed> => {parent_tid=[312]}, 88) = 312 [pid 305] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 304] rt_sigprocmask(SIG_SETMASK, [], [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 305] <... futex resumed>) = 0 [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 304] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 310] close(4./strace-static-x86_64: Process 312 attached [pid 309] <... write resumed>) = 1048576 [pid 303] ioctl(4, LOOP_SET_FD, 3 [pid 310] <... close resumed>) = 0 [pid 310] mkdir("./file0", 0777) = 0 [pid 310] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 311] memfd_create("syzkaller", 0) = 3 [pid 311] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 311] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 311] munmap(0x7f511b6a9000, 138412032) = 0 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 311] ioctl(4, LOOP_SET_FD, 3 [pid 312] set_robust_list(0x7f5123ac99a0, 24 [pid 309] munmap(0x7f511b6a9000, 138412032 [pid 303] <... ioctl resumed>) = 0 [pid 312] <... set_robust_list resumed>) = 0 [pid 309] <... munmap resumed>) = 0 [ 22.062486][ T310] loop2: detected capacity change from 0 to 2048 [ 22.080626][ T303] loop4: detected capacity change from 0 to 2048 [ 22.089369][ T28] audit: type=1400 audit(1713667474.165:70): avc: denied { mounton } for pid=306 comm="syz-executor261" path="/root/syzkaller.y4HR0F/0/file0" dev="sda1" ino=1942 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [pid 303] close(3 [pid 312] rt_sigprocmask(SIG_SETMASK, [], [pid 309] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 303] <... close resumed>) = 0 [pid 312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 309] <... openat resumed>) = 4 [pid 303] close(4 [pid 312] memfd_create("syzkaller", 0 [pid 309] ioctl(4, LOOP_SET_FD, 3 [pid 303] <... close resumed>) = 0 [pid 312] <... memfd_create resumed>) = 3 [pid 311] <... ioctl resumed>) = 0 [pid 303] mkdir("./file0", 0777 [pid 311] close(3) = 0 [pid 311] close(4) = 0 [pid 311] mkdir("./file0", 0777) = 0 [pid 311] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 303] <... mkdir resumed>) = 0 [pid 303] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 312] <... write resumed>) = 1048576 [pid 312] munmap(0x7f511b6a9000, 138412032) = 0 [pid 312] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 309] <... ioctl resumed>) = 0 [pid 312] close(3) = 0 [pid 312] close(4) = 0 [pid 312] mkdir("./file0", 0777) = 0 [pid 312] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 309] close(3) = 0 [pid 309] close(4) = 0 [pid 309] mkdir("./file0", 0777) = 0 [ 22.091276][ T311] loop0: detected capacity change from 0 to 2048 [ 22.119733][ T309] loop3: detected capacity change from 0 to 2048 [ 22.135079][ T312] loop1: detected capacity change from 0 to 2048 [ 22.136880][ T310] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [pid 309] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 310] <... mount resumed>) = 0 [pid 310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 310] chdir("./file0") = 0 [pid 310] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 310] ioctl(4, LOOP_CLR_FD) = 0 [pid 310] close(4) = 0 [pid 310] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] <... futex resumed>) = 0 [pid 311] <... mount resumed>) = 0 [pid 311] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 311] chdir("./file0" [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... mount resumed>) = 0 [pid 311] <... chdir resumed>) = 0 [pid 306] <... futex resumed>) = 1 [pid 311] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 306] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... openat resumed>) = 4 [pid 311] ioctl(4, LOOP_CLR_FD [pid 303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 311] <... ioctl resumed>) = 0 [pid 303] <... openat resumed>) = 3 [pid 311] close(4 [pid 303] chdir("./file0" [pid 310] <... futex resumed>) = 0 [pid 310] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 311] <... close resumed>) = 0 [pid 303] <... chdir resumed>) = 0 [pid 311] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 311] <... futex resumed>) = 1 [pid 305] <... futex resumed>) = 0 [pid 303] <... openat resumed>) = 4 [pid 311] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] ioctl(4, LOOP_CLR_FD [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 305] <... futex resumed>) = 0 [pid 303] <... ioctl resumed>) = 0 [pid 311] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 305] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] close(4) = 0 [pid 303] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 300] <... futex resumed>) = 0 [pid 303] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... open resumed>) = 4 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 311] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 300] <... futex resumed>) = 0 [pid 300] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... futex resumed>) = 1 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... open resumed>) = 4 [pid 305] <... futex resumed>) = 0 [pid 311] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 305] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 300] <... futex resumed>) = 0 [pid 311] <... write resumed>) = 9 [pid 303] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 311] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] <... futex resumed>) = 0 [pid 303] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 300] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] creat("./bus", 000 [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... write resumed>) = 9 [pid 311] <... creat resumed>) = 5 [pid 305] <... futex resumed>) = 0 [pid 303] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 303] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 305] <... futex resumed>) = 0 [pid 303] creat("./bus", 000 [pid 300] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] creat("./bus", 000 [pid 305] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... creat resumed>) = 5 [pid 311] <... creat resumed>) = 6 [pid 303] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 1 [pid 305] <... futex resumed>) = 0 [pid 303] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 305] <... futex resumed>) = 0 [pid 303] creat("./bus", 000 [pid 300] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 305] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... creat resumed>) = 6 [pid 311] <... open resumed>) = 7 [pid 303] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = 1 [pid 305] <... futex resumed>) = 0 [pid 303] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 305] <... futex resumed>) = 0 [pid 303] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 300] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 305] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... open resumed>) = 7 [pid 303] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... mmap resumed>) = 0x20000000 [pid 310] <... open resumed>) = 4 [pid 303] <... futex resumed>) = 1 [pid 300] <... futex resumed>) = 0 [pid 311] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [ 22.150400][ T28] audit: type=1400 audit(1713667474.235:71): avc: denied { mount } for pid=306 comm="syz-executor261" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 22.150723][ T303] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 22.180976][ T311] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.192845][ T28] audit: type=1400 audit(1713667474.285:72): avc: denied { write } for pid=306 comm="syz-executor261" name="/" dev="loop2" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.227953][ T28] audit: type=1400 audit(1713667474.295:73): avc: denied { add_name } for pid=306 comm="syz-executor261" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 22.228844][ T309] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 22.248784][ T28] audit: type=1400 audit(1713667474.295:74): avc: denied { create } for pid=306 comm="syz-executor261" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [pid 303] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = 1 [pid 310] <... futex resumed>) = 1 [pid 306] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = 0 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 303] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 300] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... mmap resumed>) = 0x20000000 [pid 303] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 300] <... futex resumed>) = 0 [pid 303] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 303] ftruncate(6, 31 [pid 300] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 303] <... ftruncate resumed>) = 0 [pid 303] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 300] <... futex resumed>) = 0 [pid 303] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 300] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 300] <... futex resumed>) = 0 [pid 311] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] <... futex resumed>) = 0 [pid 305] <... futex resumed>) = 0 [pid 311] ftruncate(6, 31 [pid 310] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 306] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 305] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 311] <... ftruncate resumed>) = 0 [pid 311] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 305] <... futex resumed>) = 0 [pid 311] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 311] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 22.258173][ T312] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 22.277294][ T28] audit: type=1400 audit(1713667474.305:75): avc: denied { read write open } for pid=305 comm="syz-executor261" path="/root/syzkaller.BxK6KV/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 22.286973][ T303] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 305] <... futex resumed>) = 0 [pid 312] <... mount resumed>) = 0 [pid 309] <... mount resumed>) = 0 [pid 303] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 300] read(0, [pid 312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 312] <... openat resumed>) = 3 [pid 309] <... openat resumed>) = 3 [pid 303] +++ killed by SIGBUS +++ [pid 300] +++ killed by SIGBUS +++ [pid 312] chdir("./file0") = 0 [pid 309] chdir("./file0" [pid 312] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 309] <... chdir resumed>) = 0 [pid 312] ioctl(4, LOOP_CLR_FD) = 0 [pid 309] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 312] close(4) = 0 [pid 309] <... openat resumed>) = 4 [pid 312] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] ioctl(4, LOOP_CLR_FD [pid 312] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... ioctl resumed>) = 0 [pid 309] close(4) = 0 [pid 309] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 309] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] <... write resumed>) = 9 [pid 310] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 310] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 305] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=300, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 307] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 305] <... mmap resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 0 [pid 311] +++ killed by SIGBUS +++ [pid 310] <... futex resumed>) = 0 [pid 309] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = 1 [pid 306] <... futex resumed>) = 1 [pid 305] +++ killed by SIGBUS +++ [pid 304] <... futex resumed>) = 1 [pid 312] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 310] creat("./bus", 000 [pid 304] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... open resumed>) = 4 [pid 309] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 307] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=305, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 312] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... creat resumed>) = 5 [pid 312] <... futex resumed>) = 1 [pid 304] <... futex resumed>) = 0 [pid 312] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 310] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... open resumed>) = 4 [pid 304] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 312] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 304] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... write resumed>) = 9 [pid 310] <... futex resumed>) = 1 [pid 309] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 310] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 299] newfstatat(3, "", [pid 312] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] creat("./bus", 000 [pid 312] <... futex resumed>) = 1 [pid 304] <... futex resumed>) = 0 [pid 312] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 0 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 312] creat("./bus", 000 [pid 310] <... creat resumed>) = 6 [pid 309] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 307] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(3, [pid 312] <... creat resumed>) = 5 [pid 310] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 304] <... futex resumed>) = 0 [pid 312] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 310] <... futex resumed>) = 1 [pid 306] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 312] creat("./bus", 000 [pid 310] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] <... write resumed>) = 9 [pid 304] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 312] <... creat resumed>) = 6 [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 295] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 312] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 309] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = 0 [pid 299] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 312] <... futex resumed>) = 1 [pid 310] <... open resumed>) = 7 [pid 309] creat("./bus", 000 [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 312] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... creat resumed>) = 5 [pid 307] <... futex resumed>) = 0 [pid 306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./0/binderfs", [pid 295] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 310] <... futex resumed>) = 0 [pid 309] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... openat resumed>) = 3 [pid 312] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 310] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 309] <... futex resumed>) = 0 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] <... futex resumed>) = 0 [pid 304] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] unlink("./0/binderfs" [pid 295] newfstatat(3, "", [pid 312] <... open resumed>) = 7 [pid 312] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... mmap resumed>) = 0x20000000 [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = 1 [pid 306] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 304] <... futex resumed>) = 0 [pid 312] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] <... futex resumed>) = 0 [pid 312] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 309] creat("./bus", 000 [pid 307] <... futex resumed>) = 0 [pid 304] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... unlink resumed>) = 0 [pid 312] <... mmap resumed>) = 0x20000000 [pid 310] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 312] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 310] <... futex resumed>) = 1 [pid 309] <... creat resumed>) = 6 [pid 307] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 0 [pid 299] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 312] <... futex resumed>) = 1 [pid 310] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 304] <... futex resumed>) = 0 [pid 295] getdents64(3, [pid 312] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... futex resumed>) = 0 [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 310] ftruncate(6, 31 [pid 309] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 307] <... futex resumed>) = 0 [pid 306] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 310] <... ftruncate resumed>) = 0 [pid 309] <... open resumed>) = 7 [pid 307] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 310] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 307] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 295] newfstatat(AT_FDCWD, "./0/binderfs", [pid 310] <... futex resumed>) = 1 [pid 309] <... futex resumed>) = 0 [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] <... futex resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 310] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 309] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 307] <... futex resumed>) = 0 [pid 306] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] unlink("./0/binderfs" [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 309] <... mmap resumed>) = 0x20000000 [pid 307] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 306] <... futex resumed>) = 0 [pid 304] <... futex resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 312] ftruncate(6, 31 [pid 304] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = 0 [pid 312] <... ftruncate resumed>) = 0 [pid 312] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 312] <... futex resumed>) = 1 [pid 304] <... futex resumed>) = 0 [pid 312] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [ 22.314663][ T311] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.352416][ T299] EXT4-fs (loop4): unmounting filesystem. [ 22.359487][ T310] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 304] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 312] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 304] <... futex resumed>) = 0 [pid 310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 309] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 309] <... futex resumed>) = 1 [pid 307] <... futex resumed>) = 0 [pid 310] +++ killed by SIGBUS +++ [pid 309] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 306] +++ killed by SIGBUS +++ [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 0 [pid 309] ftruncate(6, 31 [pid 307] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 309] <... ftruncate resumed>) = 0 [pid 309] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 307] <... futex resumed>) = 0 [pid 309] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 307] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 309] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 307] <... futex resumed>) = 0 [pid 312] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 304] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./0/file0", [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=306, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 312] +++ killed by SIGBUS +++ [pid 304] +++ killed by SIGBUS +++ [pid 299] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- [pid 299] <... openat resumed>) = 4 [pid 297] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 299] newfstatat(4, "", [pid 297] <... openat resumed>) = 3 [pid 296] <... restart_syscall resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] newfstatat(3, "", [pid 299] getdents64(4, [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(3, [pid 296] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] getdents64(4, [pid 297] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 297] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] close(4 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... openat resumed>) = 3 [pid 299] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./0/binderfs", [pid 296] newfstatat(3, "", [pid 299] rmdir("./0/file0" [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 297] unlink("./0/binderfs" [pid 296] getdents64(3, [pid 299] getdents64(3, [pid 297] <... unlink resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 299] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] <... close resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./0/binderfs", [pid 299] rmdir("./0" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 296] unlink("./0/binderfs" [pid 299] mkdir("./1", 0777 [pid 296] <... unlink resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 296] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3 [pid 307] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 328 ./strace-static-x86_64: Process 328 attached [pid 328] set_robust_list(0x555556fc56a0, 24) = 0 [pid 328] chdir("./1") = 0 [pid 328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 328] setpgid(0, 0) = 0 [pid 328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 328] write(3, "1000", 4) = 4 [pid 328] close(3) = 0 [pid 307] <... futex resumed>) = 0 [pid 328] symlink("/dev/binderfs", "./binderfs" [pid 309] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123a88000 [pid 307] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123aa8990, parent_tid=0x7f5123aa8990, exit_signal=0, stack=0x7f5123a88000, stack_size=0x20300, tls=0x7f5123aa86c0} => {parent_tid=[329]}, 88) = 329 [pid 307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 307] futex(0x7f5123b95718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7f5123b9571c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 328] <... symlink resumed>) = 0 [pid 328] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 328] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[330]}, 88) = 330 [pid 328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 330 attached [pid 330] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 330] memfd_create("syzkaller", 0) = 3 [pid 330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./0/file0") = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./0") = 0 [pid 295] mkdir("./1", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 331 [pid 330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 330] <... write resumed>) = 1048576 [pid 330] munmap(0x7f511b6a9000, 138412032 [pid 297] close(4) = 0 [pid 330] <... munmap resumed>) = 0 [pid 297] rmdir("./0/file0" [pid 330] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [ 22.368919][ T312] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.377065][ T309] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.405626][ T295] EXT4-fs (loop0): unmounting filesystem. [ 22.411912][ T297] EXT4-fs (loop2): unmounting filesystem. [ 22.417892][ T296] EXT4-fs (loop1): unmounting filesystem. [pid 330] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, [pid 330] <... ioctl resumed>) = 0 [pid 330] close(3) = 0 [pid 330] close(4) = 0 [pid 330] mkdir("./file0", 0777) = 0 [pid 330] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 307] <... futex resumed>) = ? [pid 309] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 329 attached [pid 297] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./0" [pid 329] +++ killed by SIGBUS +++ [pid 307] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=307, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- ./strace-static-x86_64: Process 331 attached [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 331] set_robust_list(0x555556fc56a0, 24 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 331] <... set_robust_list resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 331] chdir("./1" [pid 298] getdents64(3, [pid 331] <... chdir resumed>) = 0 [pid 331] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 331] <... prctl resumed>) = 0 [pid 298] umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] <... rmdir resumed>) = 0 [pid 331] setpgid(0, 0 [pid 298] newfstatat(AT_FDCWD, "./0/binderfs", [pid 297] mkdir("./1", 0777 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 331] <... setpgid resumed>) = 0 [pid 298] unlink("./0/binderfs" [pid 331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... unlink resumed>) = 0 [pid 298] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 331] <... openat resumed>) = 3 [pid 331] write(3, "1000", 4) = 4 [pid 331] close(3) = 0 [pid 331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 331] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 331] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[333]}, 88) = 333 [pid 331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 331] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 333] memfd_create("syzkaller", 0) = 3 [pid 333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... mkdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 333] <... write resumed>) = 1048576 [pid 333] munmap(0x7f511b6a9000, 138412032) = 0 [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 333] ioctl(4, LOOP_SET_FD, 3 [pid 297] <... openat resumed>) = 3 [pid 333] <... ioctl resumed>) = 0 [pid 333] close(3) = 0 [pid 333] close(4) = 0 [pid 333] mkdir("./file0", 0777) = 0 [pid 333] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 335 [pid 330] <... mount resumed>) = 0 [pid 330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 330] chdir("./file0") = 0 [pid 330] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 330] ioctl(4, LOOP_CLR_FD) = 0 [pid 330] close(4) = 0 [pid 330] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 330] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 330] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = 0 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 298] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 328] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] creat("./bus", 000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./0/file0", [pid 330] <... creat resumed>) = 5 [pid 330] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] creat("./bus", 000) = 6 [pid 330] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 328] <... futex resumed>) = 0 [pid 298] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 328] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 330] <... futex resumed>) = 1 [pid 330] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 330] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 1 [pid 330] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 298] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, [pid 330] <... mmap resumed>) = 0x20000000 [pid 298] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 298] close(4 [pid 296] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] rmdir("./0/file0" [pid 296] newfstatat(AT_FDCWD, "./0/file0", [pid 330] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 328] <... futex resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 330] ftruncate(6, 31 [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 330] <... ftruncate resumed>) = 0 [pid 328] <... futex resumed>) = 0 [pid 330] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [ 22.440998][ T330] loop4: detected capacity change from 0 to 2048 [ 22.453522][ T298] EXT4-fs (loop3): unmounting filesystem. [ 22.463694][ T333] loop0: detected capacity change from 0 to 2048 [ 22.466228][ T330] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [pid 328] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 330] <... futex resumed>) = 0 [pid 328] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] getdents64(3, [pid 296] umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 335 attached [pid 328] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 298] close(3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... close resumed>) = 0 [pid 298] rmdir("./0" [pid 296] openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... rmdir resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 298] mkdir("./1", 0777 [pid 296] newfstatat(4, "", [pid 298] <... mkdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 296] getdents64(4, [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] close(3 [pid 296] getdents64(4, [pid 298] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] close(4) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 338 [pid 296] rmdir("./0/file0") = 0 [pid 296] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./0") = 0 [pid 296] mkdir("./1", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 339 [pid 335] set_robust_list(0x555556fc56a0, 24) = 0 [pid 335] chdir("./1" [pid 328] <... futex resumed>) = 0 [pid 328] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 335] <... chdir resumed>) = 0 [pid 335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 335] setpgid(0, 0) = 0 [pid 335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 335] write(3, "1000", 4) = 4 [pid 335] close(3) = 0 [pid 335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 335] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 335] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[340]}, 88) = 340 [pid 335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 335] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 338 attached ./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x555556fc56a0, 24 [pid 338] set_robust_list(0x555556fc56a0, 24 [pid 339] <... set_robust_list resumed>) = 0 [pid 338] <... set_robust_list resumed>) = 0 [pid 333] <... mount resumed>) = 0 ./strace-static-x86_64: Process 340 attached [pid 339] chdir("./1" [pid 338] chdir("./1" [pid 333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 328] <... mmap resumed>) = 0x7f5123a88000 [pid 340] set_robust_list(0x7f5123ac99a0, 24 [pid 339] <... chdir resumed>) = 0 [pid 338] <... chdir resumed>) = 0 [pid 333] <... openat resumed>) = 3 [pid 340] <... set_robust_list resumed>) = 0 [pid 339] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 338] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 333] chdir("./file0" [pid 330] +++ killed by SIGBUS +++ [pid 328] +++ killed by SIGBUS +++ [pid 339] <... prctl resumed>) = 0 [pid 338] <... prctl resumed>) = 0 [pid 339] setpgid(0, 0 [pid 338] setpgid(0, 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=328, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 339] <... setpgid resumed>) = 0 [pid 338] <... setpgid resumed>) = 0 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 339] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... restart_syscall resumed>) = 0 [pid 340] rt_sigprocmask(SIG_SETMASK, [], [pid 339] <... openat resumed>) = 3 [pid 338] <... openat resumed>) = 3 [pid 333] <... chdir resumed>) = 0 [pid 339] write(3, "1000", 4 [pid 338] write(3, "1000", 4 [pid 339] <... write resumed>) = 4 [pid 338] <... write resumed>) = 4 [pid 299] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 339] close(3 [pid 338] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 339] <... close resumed>) = 0 [pid 338] <... close resumed>) = 0 [pid 299] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 339] symlink("/dev/binderfs", "./binderfs" [pid 338] symlink("/dev/binderfs", "./binderfs" [pid 333] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 299] <... openat resumed>) = 3 [pid 340] memfd_create("syzkaller", 0 [pid 338] <... symlink resumed>) = 0 [pid 333] <... openat resumed>) = 4 [pid 299] newfstatat(3, "", [pid 340] <... memfd_create resumed>) = 3 [pid 339] <... symlink resumed>) = 0 [pid 338] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] ioctl(4, LOOP_CLR_FD [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 340] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 339] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 333] <... ioctl resumed>) = 0 [pid 299] getdents64(3, [pid 340] <... mmap resumed>) = 0x7f511b6a9000 [pid 339] <... futex resumed>) = 0 [pid 333] close(4 [pid 338] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 299] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 338] <... rt_sigaction resumed>NULL, 8) = 0 [pid 333] <... close resumed>) = 0 [pid 299] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 333] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 333] <... futex resumed>) = 1 [pid 331] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./1/binderfs", [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 333] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 339] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 338] <... mmap resumed>) = 0x7f5123aa9000 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] <... futex resumed>) = 0 [pid 299] unlink("./1/binderfs" [pid 339] <... rt_sigaction resumed>NULL, 8) = 0 [pid 338] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 333] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 331] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... unlink resumed>) = 0 [pid 339] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 338] <... mprotect resumed>) = 0 [pid 333] <... open resumed>) = 4 [pid 299] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 338] rt_sigprocmask(SIG_BLOCK, ~[], [pid 333] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... rt_sigprocmask resumed>[], 8) = 0 [pid 333] <... futex resumed>) = 1 [pid 331] <... futex resumed>) = 0 [pid 340] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 339] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 333] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... mmap resumed>) = 0x7f5123aa9000 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] <... futex resumed>) = 0 [pid 339] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 338] <... clone3 resumed> => {parent_tid=[341]}, 88) = 341 [pid 333] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 331] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... mprotect resumed>) = 0 [pid 338] rt_sigprocmask(SIG_SETMASK, [], [pid 333] <... write resumed>) = 9 [pid 338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 333] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] rt_sigprocmask(SIG_BLOCK, ~[], [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 1 [pid 331] <... futex resumed>) = 0 ./strace-static-x86_64: Process 341 attached [pid 340] <... write resumed>) = 1048576 [pid 339] <... rt_sigprocmask resumed>[], 8) = 0 [pid 338] <... futex resumed>) = 0 [pid 333] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] set_robust_list(0x7f5123ac99a0, 24 [pid 340] munmap(0x7f511b6a9000, 138412032 [pid 339] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] <... futex resumed>) = 0 [pid 333] creat("./bus", 000 [pid 331] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... creat resumed>) = 5 [pid 333] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] <... futex resumed>) = 0 [pid 333] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] <... futex resumed>) = 0 [pid 333] creat("./bus", 000 [pid 331] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... creat resumed>) = 6 [pid 333] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] <... futex resumed>) = 0 [pid 333] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] <... futex resumed>) = 0 [pid 333] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 331] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... open resumed>) = 7 [pid 333] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 331] <... futex resumed>) = 0 [pid 333] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] <... futex resumed>) = 0 [pid 333] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 331] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 333] <... mmap resumed>) = 0x20000000 [pid 333] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... clone3 resumed> => {parent_tid=[342]}, 88) = 342 [pid 338] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 333] <... futex resumed>) = 1 [pid 331] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 339] rt_sigprocmask(SIG_SETMASK, [], [pid 333] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 331] <... futex resumed>) = 0 [pid 333] ftruncate(6, 31 [pid 331] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 339] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 333] <... ftruncate resumed>) = 0 [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 339] <... futex resumed>) = 0 [pid 333] <... futex resumed>) = 1 [pid 331] <... futex resumed>) = 0 [pid 339] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 333] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 331] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 22.499104][ T330] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.514488][ T333] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 22.537248][ T299] EXT4-fs (loop4): unmounting filesystem. [pid 331] <... futex resumed>) = 0 ./strace-static-x86_64: Process 342 attached [pid 341] <... set_robust_list resumed>) = 0 [pid 340] <... munmap resumed>) = 0 [pid 299] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 342] set_robust_list(0x7f5123ac99a0, 24 [pid 341] rt_sigprocmask(SIG_SETMASK, [], [pid 340] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 342] <... set_robust_list resumed>) = 0 [pid 341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 340] <... openat resumed>) = 4 [pid 299] newfstatat(AT_FDCWD, "./1/file0", [pid 342] rt_sigprocmask(SIG_SETMASK, [], [pid 341] memfd_create("syzkaller", 0 [pid 340] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 341] <... memfd_create resumed>) = 3 [pid 333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 331] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 333] +++ killed by SIGBUS +++ [pid 331] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=331, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 299] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 295] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] getdents64(4, [pid 295] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] <... openat resumed>) = 3 [pid 299] close(4 [pid 295] newfstatat(3, "", [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... close resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 341] <... mmap resumed>) = 0x7f511b6a9000 [pid 299] rmdir("./1/file0" [pid 295] getdents64(3, [pid 342] memfd_create("syzkaller", 0 [pid 299] <... rmdir resumed>) = 0 [pid 295] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 299] getdents64(3, [pid 295] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 342] <... memfd_create resumed>) = 3 [pid 299] close(3 [pid 295] newfstatat(AT_FDCWD, "./1/binderfs", [pid 342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 299] <... close resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] rmdir("./1" [pid 295] unlink("./1/binderfs" [pid 299] <... rmdir resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 342] <... mmap resumed>) = 0x7f511b6a9000 [pid 299] mkdir("./2", 0777 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 340] <... ioctl resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 342] <... write resumed>) = 1048576 [pid 342] munmap(0x7f511b6a9000, 138412032) = 0 [pid 342] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 342] ioctl(4, LOOP_SET_FD, 3 [pid 341] <... write resumed>) = 1048576 [pid 340] close(3 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 341] munmap(0x7f511b6a9000, 138412032 [pid 340] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 341] <... munmap resumed>) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 340] close(4 [pid 299] ioctl(3, LOOP_CLR_FD [pid 341] <... openat resumed>) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3 [pid 340] <... close resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 342] <... ioctl resumed>) = 0 [pid 342] close(3) = 0 [pid 342] close(4) = 0 [pid 342] mkdir("./file0", 0777) = 0 [pid 342] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] close(3 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 341] <... ioctl resumed>) = 0 [pid 340] mkdir("./file0", 0777 [pid 299] <... close resumed>) = 0 [pid 295] newfstatat(AT_FDCWD, "./1/file0", [pid 340] <... mkdir resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 340] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 299] <... clone resumed>, child_tidptr=0x555556fc5690) = 343 [pid 341] close(3) = 0 [pid 341] close(4) = 0 [pid 341] mkdir("./file0", 0777) = 0 [pid 341] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) ./strace-static-x86_64: Process 343 attached [pid 343] set_robust_list(0x555556fc56a0, 24 [pid 295] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", [pid 343] <... set_robust_list resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./1/file0" [pid 343] chdir("./2") = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./1" [pid 343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] mkdir("./2", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 343] setpgid(0, 0) = 0 [pid 343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 343] write(3, "1000", 4) = 4 [pid 343] close(3) = 0 [pid 343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 343] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 343] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] <... clone resumed>, child_tidptr=0x555556fc5690) = 347 [pid 343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[349]}, 88) = 349 [pid 343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 347 attached ./strace-static-x86_64: Process 349 attached [pid 349] set_robust_list(0x7f5123ac99a0, 24) = 0 [ 22.549833][ T333] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.556162][ T340] loop2: detected capacity change from 0 to 2048 [ 22.575335][ T295] EXT4-fs (loop0): unmounting filesystem. [ 22.584116][ T342] loop1: detected capacity change from 0 to 2048 [ 22.589300][ T341] loop3: detected capacity change from 0 to 2048 [pid 349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] memfd_create("syzkaller", 0) = 3 [pid 349] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 349] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 347] set_robust_list(0x555556fc56a0, 24 [pid 342] <... mount resumed>) = 0 [pid 347] <... set_robust_list resumed>) = 0 [pid 342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 347] chdir("./2" [pid 342] <... openat resumed>) = 3 [pid 347] <... chdir resumed>) = 0 [pid 342] chdir("./file0" [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 342] <... chdir resumed>) = 0 [pid 347] <... prctl resumed>) = 0 [pid 347] setpgid(0, 0 [pid 342] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 347] <... setpgid resumed>) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 342] <... openat resumed>) = 4 [pid 347] <... openat resumed>) = 3 [pid 347] write(3, "1000", 4 [pid 342] ioctl(4, LOOP_CLR_FD [pid 347] <... write resumed>) = 4 [pid 347] close(3 [pid 342] <... ioctl resumed>) = 0 [pid 347] <... close resumed>) = 0 [pid 347] symlink("/dev/binderfs", "./binderfs" [pid 342] close(4 [pid 347] <... symlink resumed>) = 0 [pid 347] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... close resumed>) = 0 [pid 347] <... futex resumed>) = 0 [pid 342] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 347] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 342] <... futex resumed>) = 1 [pid 347] <... rt_sigaction resumed>NULL, 8) = 0 [pid 342] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 347] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[352]}, 88) = 352 [pid 347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 349] <... write resumed>) = 1048576 [pid 349] munmap(0x7f511b6a9000, 138412032) = 0 [pid 349] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 352 attached [pid 341] <... mount resumed>) = 0 [pid 340] <... mount resumed>) = 0 [pid 339] <... futex resumed>) = 0 [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = 0 [pid 339] <... futex resumed>) = 1 [pid 342] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 339] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... open resumed>) = 4 [pid 342] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 342] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 342] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 339] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... write resumed>) = 9 [pid 342] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 342] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 342] creat("./bus", 000 [pid 339] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... creat resumed>) = 5 [pid 342] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 342] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 342] creat("./bus", 000 [pid 339] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... creat resumed>) = 6 [pid 342] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 342] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 342] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 339] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] set_robust_list(0x7f5123ac99a0, 24 [pid 349] <... ioctl resumed>) = 0 [pid 342] <... open resumed>) = 7 [pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 340] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 342] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 339] <... futex resumed>) = 0 [pid 342] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 342] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 339] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... mmap resumed>) = 0x20000000 [pid 341] <... openat resumed>) = 3 [pid 340] <... openat resumed>) = 3 [pid 342] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 340] chdir("./file0" [pid 339] <... futex resumed>) = 0 [pid 342] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 342] ftruncate(6, 31 [pid 339] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 342] <... ftruncate resumed>) = 0 [pid 342] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... chdir resumed>) = 0 [pid 342] <... futex resumed>) = 1 [pid 339] <... futex resumed>) = 0 [ 22.623222][ T342] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 22.627716][ T340] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 22.642115][ T341] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 22.648771][ T349] loop4: detected capacity change from 0 to 2048 [pid 342] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 339] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 342] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 339] <... futex resumed>) = 0 [pid 340] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 340] ioctl(4, LOOP_CLR_FD) = 0 [pid 340] close(4) = 0 [pid 340] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 340] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] chdir("./file0" [pid 335] <... futex resumed>) = 0 [pid 349] close(3 [pid 341] <... chdir resumed>) = 0 [pid 335] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... set_robust_list resumed>) = 0 [pid 349] <... close resumed>) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 352] rt_sigprocmask(SIG_SETMASK, [], [pid 349] close(4 [pid 341] <... openat resumed>) = 4 [pid 352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 349] <... close resumed>) = 0 [pid 341] ioctl(4, LOOP_CLR_FD [pid 352] memfd_create("syzkaller", 0 [pid 349] mkdir("./file0", 0777 [pid 341] <... ioctl resumed>) = 0 [pid 352] <... memfd_create resumed>) = 3 [pid 349] <... mkdir resumed>) = 0 [pid 341] close(4 [pid 352] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 349] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 341] <... close resumed>) = 0 [pid 352] <... mmap resumed>) = 0x7f511b6a9000 [pid 341] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 341] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... futex resumed>) = 0 [pid 352] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 342] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 340] <... open resumed>) = 4 [pid 339] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 340] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... write resumed>) = 1048576 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] <... futex resumed>) = 1 [pid 335] <... futex resumed>) = 0 [pid 352] munmap(0x7f511b6a9000, 138412032 [pid 341] <... futex resumed>) = 0 [pid 340] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 339] <... futex resumed>) = ? [pid 338] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... munmap resumed>) = 0 [pid 341] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 342] +++ killed by SIGBUS +++ [pid 341] <... open resumed>) = 4 [pid 340] <... write resumed>) = 9 [pid 339] +++ killed by SIGBUS +++ [pid 352] <... openat resumed>) = 4 [pid 341] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] ioctl(4, LOOP_SET_FD, 3 [pid 341] <... futex resumed>) = 1 [pid 340] <... futex resumed>) = 1 [pid 338] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=339, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./1/binderfs") = 0 [pid 296] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 341] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 338] <... futex resumed>) = 1 [pid 341] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 338] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = 0 [pid 335] <... futex resumed>) = 1 [pid 340] creat("./bus", 000 [pid 335] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... creat resumed>) = 5 [pid 340] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 340] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 335] <... futex resumed>) = 0 [pid 340] creat("./bus", 000 [pid 335] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... creat resumed>) = 6 [pid 340] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 340] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 335] <... futex resumed>) = 0 [pid 340] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 335] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... open resumed>) = 7 [pid 340] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 340] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 335] <... futex resumed>) = 0 [pid 340] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 335] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... mmap resumed>) = 0x20000000 [pid 340] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 340] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 335] <... futex resumed>) = 0 [pid 340] ftruncate(6, 31 [pid 335] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 340] <... ftruncate resumed>) = 0 [pid 340] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 335] <... futex resumed>) = 0 [pid 340] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 335] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 340] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 335] <... futex resumed>) = 0 [pid 352] <... ioctl resumed>) = 0 [pid 341] <... write resumed>) = 9 [pid 352] close(3 [pid 341] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... close resumed>) = 0 [pid 341] <... futex resumed>) = 1 [pid 338] <... futex resumed>) = 0 [pid 352] close(4 [pid 341] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... close resumed>) = 0 [pid 341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] <... futex resumed>) = 0 [pid 352] mkdir("./file0", 0777 [pid 341] creat("./bus", 000 [pid 338] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... mkdir resumed>) = 0 [pid 341] <... creat resumed>) = 5 [pid 352] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 341] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 338] <... futex resumed>) = 0 [pid 340] +++ killed by SIGBUS +++ [pid 335] +++ killed by SIGBUS +++ [pid 341] creat("./bus", 000 [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=335, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 338] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 297] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./1/binderfs") = 0 [pid 297] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 341] <... creat resumed>) = 6 [pid 341] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 341] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] <... futex resumed>) = 0 [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = 0 [pid 338] <... futex resumed>) = 1 [pid 341] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 338] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... open resumed>) = 7 [ 22.660090][ T342] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.684484][ T352] loop0: detected capacity change from 0 to 2048 [ 22.691592][ T296] EXT4-fs (loop1): unmounting filesystem. [ 22.695878][ T340] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.717688][ T297] EXT4-fs (loop2): unmounting filesystem. [pid 341] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 341] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] <... futex resumed>) = 0 [pid 341] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 338] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... mmap resumed>) = 0x20000000 [pid 341] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 338] <... futex resumed>) = 0 [pid 341] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 341] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 338] <... futex resumed>) = 0 [pid 341] ftruncate(6, 31 [pid 338] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... ftruncate resumed>) = 0 [pid 341] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 338] <... futex resumed>) = 0 [pid 341] <... futex resumed>) = 1 [pid 338] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 349] <... mount resumed>) = 0 [pid 349] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 349] chdir("./file0") = 0 [pid 349] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 349] ioctl(4, LOOP_CLR_FD) = 0 [pid 349] close(4) = 0 [pid 349] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = 0 [pid 296] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 349] <... futex resumed>) = 1 [pid 343] <... futex resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./1/file0", [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, [pid 349] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 349] <... open resumed>) = 4 [pid 349] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 349] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 341] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(4, [pid 343] <... futex resumed>) = 1 [pid 338] <... mmap resumed>) = ? [pid 297] newfstatat(AT_FDCWD, "./1/file0", [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 343] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] +++ killed by SIGBUS +++ [pid 349] <... futex resumed>) = 0 [pid 349] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 352] <... mount resumed>) = 0 [pid 338] +++ killed by SIGBUS +++ [pid 296] close(4 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=338, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 349] <... write resumed>) = 9 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... close resumed>) = 0 [pid 352] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 349] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", [pid 349] <... futex resumed>) = 1 [pid 296] rmdir("./1/file0" [pid 343] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 349] creat("./bus", 000 [pid 343] <... futex resumed>) = 0 [pid 296] getdents64(3, [pid 297] close(4) = 0 [pid 297] rmdir("./1/file0" [pid 352] <... openat resumed>) = 3 [pid 349] <... creat resumed>) = 5 [pid 343] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 349] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] close(3 [pid 352] chdir("./file0" [pid 349] <... futex resumed>) = 1 [pid 343] <... futex resumed>) = 0 [pid 297] getdents64(3, [pid 296] <... close resumed>) = 0 [pid 349] creat("./bus", 000 [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] rmdir("./1" [pid 349] <... creat resumed>) = 6 [pid 343] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 343] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 349] <... futex resumed>) = 0 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] mkdir("./2", 0777 [pid 349] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 349] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] rmdir("./1") = 0 [pid 296] <... mkdir resumed>) = 0 [pid 349] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 343] <... futex resumed>) = 0 [pid 298] newfstatat(3, "", [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 349] <... open resumed>) = 7 [pid 343] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 349] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... openat resumed>) = 3 [pid 349] <... futex resumed>) = 0 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] getdents64(3, [pid 296] ioctl(3, LOOP_CLR_FD [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 297] mkdir("./2", 0777 [pid 349] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 343] <... futex resumed>) = 0 [pid 298] umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 349] <... mmap resumed>) = 0x20000000 [pid 343] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... mkdir resumed>) = 0 [pid 296] close(3 [pid 352] <... chdir resumed>) = 0 [pid 349] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] newfstatat(AT_FDCWD, "./1/binderfs", [pid 352] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 349] <... futex resumed>) = 0 [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... close resumed>) = 0 [pid 349] ftruncate(6, 31 [pid 343] <... futex resumed>) = 0 [pid 298] unlink("./1/binderfs" [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 349] <... ftruncate resumed>) = 0 [pid 343] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... unlink resumed>) = 0 [pid 349] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 343] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... clone resumed>, child_tidptr=0x555556fc5690) = 357 ./strace-static-x86_64: Process 357 attached [pid 349] <... futex resumed>) = 0 [pid 343] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 352] <... openat resumed>) = 4 [pid 297] <... openat resumed>) = 3 [pid 352] ioctl(4, LOOP_CLR_FD [ 22.724384][ T349] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 22.735066][ T341] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.753765][ T352] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 297] ioctl(3, LOOP_CLR_FD [pid 352] <... ioctl resumed>) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 352] close(4 [pid 297] close(3 [pid 352] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 352] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 352] <... futex resumed>) = 1 [pid 347] <... futex resumed>) = 0 [pid 352] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... clone resumed>, child_tidptr=0x555556fc5690) = 358 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] set_robust_list(0x555556fc56a0, 24) = 0 [pid 357] chdir("./2") = 0 [pid 357] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 357] setpgid(0, 0) = 0 [pid 357] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 357] write(3, "1000", 4) = 4 [pid 357] close(3) = 0 [pid 357] symlink("/dev/binderfs", "./binderfs") = 0 [pid 357] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 357] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 357] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[359]}, 88) = 359 [pid 357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 343] <... futex resumed>) = 0 [pid 343] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 359 attached ./strace-static-x86_64: Process 358 attached [pid 352] <... open resumed>) = 4 [pid 349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 343] <... mmap resumed>) = 0x7f5123a88000 [pid 352] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] <... futex resumed>) = 0 [pid 352] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] <... futex resumed>) = 0 [pid 359] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 349] +++ killed by SIGBUS +++ [pid 343] +++ killed by SIGBUS +++ [pid 347] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] set_robust_list(0x555556fc56a0, 24 [pid 352] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 358] <... set_robust_list resumed>) = 0 [pid 359] memfd_create("syzkaller", 0) = 3 [pid 359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 298] <... umount2 resumed>) = 0 [pid 352] <... write resumed>) = 9 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=343, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 352] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] <... futex resumed>) = 0 [pid 352] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] <... futex resumed>) = 0 [pid 352] creat("./bus", 000 [pid 347] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... creat resumed>) = 5 [pid 352] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] <... futex resumed>) = 0 [pid 352] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] <... futex resumed>) = 0 [pid 352] creat("./bus", 000 [pid 347] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 352] <... creat resumed>) = 6 [pid 358] chdir("./2" [pid 352] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 358] <... chdir resumed>) = 0 [pid 352] <... futex resumed>) = 1 [pid 347] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 352] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] <... futex resumed>) = 0 [pid 352] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 347] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 358] <... prctl resumed>) = 0 [pid 352] <... open resumed>) = 7 [pid 299] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] newfstatat(AT_FDCWD, "./1/file0", [pid 358] setpgid(0, 0 [pid 352] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... setpgid resumed>) = 0 [pid 352] <... futex resumed>) = 1 [pid 347] <... futex resumed>) = 0 [pid 299] newfstatat(3, "", [pid 358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 352] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] <... futex resumed>) = 0 [pid 358] <... openat resumed>) = 3 [pid 352] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 347] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(3, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] write(3, "1000", 4 [pid 352] <... mmap resumed>) = 0x20000000 [pid 299] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 358] <... write resumed>) = 4 [pid 352] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 358] close(3 [pid 352] <... futex resumed>) = 1 [pid 347] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 358] <... close resumed>) = 0 [pid 352] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./2/binderfs", [pid 298] <... openat resumed>) = 4 [pid 358] symlink("/dev/binderfs", "./binderfs" [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 358] <... symlink resumed>) = 0 [pid 352] ftruncate(6, 31 [pid 347] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] unlink("./2/binderfs" [pid 298] newfstatat(4, "", [pid 358] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 352] <... ftruncate resumed>) = 0 [pid 352] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... unlink resumed>) = 0 [pid 358] <... futex resumed>) = 0 [pid 352] <... futex resumed>) = 1 [pid 347] <... futex resumed>) = 0 [pid 299] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 22.772168][ T298] EXT4-fs (loop3): unmounting filesystem. [ 22.777945][ T349] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 358] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 352] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... rt_sigaction resumed>NULL, 8) = 0 [pid 352] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 347] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 347] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 347] <... futex resumed>) = 0 [pid 358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 358] <... mmap resumed>) = 0x7f5123aa9000 [pid 358] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[360]}, 88) = 360 [pid 358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 360 attached [pid 298] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 360] set_robust_list(0x7f5123ac99a0, 24 [pid 298] close(4) = 0 [pid 360] <... set_robust_list resumed>) = 0 [pid 298] rmdir("./1/file0" [pid 360] rt_sigprocmask(SIG_SETMASK, [], [pid 359] <... write resumed>) = 1048576 [pid 298] <... rmdir resumed>) = 0 [pid 360] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 360] memfd_create("syzkaller", 0) = 3 [pid 360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 299] <... umount2 resumed>) = 0 [pid 359] munmap(0x7f511b6a9000, 138412032) = 0 [pid 359] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 359] ioctl(4, LOOP_SET_FD, 3 [pid 352] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 347] <... mmap resumed>) = 0x7f5123a88000 [pid 299] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] getdents64(3, [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./2/file0", [pid 298] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] close(3) = 0 [pid 299] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] rmdir("./1" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] <... ioctl resumed>) = 0 [pid 359] close(3) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] mkdir("./2", 0777 [pid 299] <... openat resumed>) = 4 [pid 359] close(4) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 359] mkdir("./file0", 0777) = 0 [pid 359] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] newfstatat(4, "", [pid 298] <... openat resumed>) = 3 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 299] getdents64(4, [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 299] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] <... close resumed>) = 0 [pid 299] getdents64(4, [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 299] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 361 [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./2/file0") = 0 [pid 299] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./2") = 0 [pid 299] mkdir("./3", 0777 [pid 360] <... write resumed>) = 1048576 [pid 299] <... mkdir resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR./strace-static-x86_64: Process 361 attached ) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 361] set_robust_list(0x555556fc56a0, 24) = 0 [pid 361] chdir("./2" [pid 360] munmap(0x7f511b6a9000, 138412032 [pid 361] <... chdir resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556fc5690) = 362 [pid 361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 361] setpgid(0, 0) = 0 [pid 361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 360] <... munmap resumed>) = 0 [pid 360] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_SET_FD, 3 [pid 352] +++ killed by SIGBUS +++ [pid 347] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=347, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 295] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 295] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./2/binderfs" [pid 361] <... openat resumed>) = 3 [pid 361] write(3, "1000", 4 [pid 295] <... unlink resumed>) = 0 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 361] <... write resumed>) = 4 [pid 361] close(3) = 0 [pid 361] symlink("/dev/binderfs", "./binderfs"./strace-static-x86_64: Process 362 attached [pid 362] set_robust_list(0x555556fc56a0, 24) = 0 [pid 361] <... symlink resumed>) = 0 [pid 361] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 361] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[363]}, 88) = 363 [pid 361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 360] <... ioctl resumed>) = 0 [pid 360] close(3) = 0 [pid 360] close(4) = 0 [pid 360] mkdir("./file0", 0777) = 0 [pid 360] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [ 22.810567][ T352] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.810665][ T299] EXT4-fs (loop4): unmounting filesystem. [ 22.836880][ T359] loop1: detected capacity change from 0 to 2048 [ 22.858425][ T360] loop2: detected capacity change from 0 to 2048 [ 22.869545][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 362] chdir("./3") = 0 [pid 362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 362] setpgid(0, 0./strace-static-x86_64: Process 363 attached ) = 0 [pid 362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 362] write(3, "1000", 4) = 4 [pid 362] close(3) = 0 [pid 362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 362] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 363] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 363] memfd_create("syzkaller", 0) = 3 [pid 363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 295] <... umount2 resumed>) = 0 [pid 362] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[366]}, 88) = 366 [pid 295] newfstatat(AT_FDCWD, "./2/file0", [pid 362] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 ./strace-static-x86_64: Process 366 attached [pid 295] rmdir("./2/file0" [pid 366] set_robust_list(0x7f5123ac99a0, 24 [pid 295] <... rmdir resumed>) = 0 [pid 366] <... set_robust_list resumed>) = 0 [pid 295] getdents64(3, [pid 366] rt_sigprocmask(SIG_SETMASK, [], [pid 295] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./2" [pid 363] <... write resumed>) = 1048576 [pid 363] munmap(0x7f511b6a9000, 138412032) = 0 [pid 363] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 363] ioctl(4, LOOP_SET_FD, 3 [pid 366] memfd_create("syzkaller", 0 [pid 295] <... rmdir resumed>) = 0 [pid 363] <... ioctl resumed>) = 0 [pid 363] close(3) = 0 [pid 363] close(4) = 0 [pid 363] mkdir("./file0", 0777) = 0 [pid 363] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 366] <... memfd_create resumed>) = 3 [pid 366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 366] munmap(0x7f511b6a9000, 138412032) = 0 [pid 366] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_SET_FD, 3 [pid 295] mkdir("./3", 0777 [pid 366] <... ioctl resumed>) = 0 [pid 366] close(3) = 0 [pid 366] close(4) = 0 [pid 366] mkdir("./file0", 0777 [pid 295] <... mkdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 366] <... mkdir resumed>) = 0 [pid 366] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 295] <... openat resumed>) = 3 [pid 359] <... mount resumed>) = 0 [pid 359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 359] chdir("./file0") = 0 [pid 359] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 359] ioctl(4, LOOP_CLR_FD) = 0 [pid 359] close(4) = 0 [pid 359] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] close(3) = 0 [pid 359] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 360] <... mount resumed>) = 0 [pid 360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 360] chdir("./file0") = 0 [pid 360] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 360] ioctl(4, LOOP_CLR_FD) = 0 [pid 360] close(4) = 0 [pid 360] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... futex resumed>) = 1 [pid 360] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 295] <... clone resumed>, child_tidptr=0x555556fc5690) = 370 ./strace-static-x86_64: Process 370 attached [pid 370] set_robust_list(0x555556fc56a0, 24) = 0 [pid 370] chdir("./3") = 0 [pid 370] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 370] setpgid(0, 0) = 0 [pid 370] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 370] write(3, "1000", 4) = 4 [pid 370] close(3) = 0 [pid 370] symlink("/dev/binderfs", "./binderfs") = 0 [pid 370] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 370] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 370] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 370] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 370] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[371]}, 88) = 371 [pid 370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 371 attached [pid 371] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 371] memfd_create("syzkaller", 0) = 3 [pid 371] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 360] <... open resumed>) = 4 [pid 360] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 360] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 360] <... futex resumed>) = 1 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] creat("./bus", 000) = 5 [pid 360] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... open resumed>) = 4 [pid 358] <... futex resumed>) = 0 [pid 360] <... futex resumed>) = 1 [pid 359] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 360] creat("./bus", 000) = 6 [pid 360] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 358] <... futex resumed>) = 0 [pid 359] <... futex resumed>) = 1 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 357] <... futex resumed>) = 0 [pid 360] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 358] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... open resumed>) = 7 [pid 360] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 360] <... futex resumed>) = 1 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... mmap resumed>) = 0x20000000 [pid 360] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] <... write resumed>) = 9 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] ftruncate(6, 31 [pid 358] <... futex resumed>) = 0 [pid 358] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] <... ftruncate resumed>) = 0 [ 22.898104][ T363] loop3: detected capacity change from 0 to 2048 [ 22.899321][ T359] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 22.914577][ T360] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 22.922865][ T366] loop4: detected capacity change from 0 to 2048 [pid 360] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] <... futex resumed>) = 0 [pid 360] <... futex resumed>) = 1 [pid 359] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 358] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 371] <... write resumed>) = 1048576 [pid 371] munmap(0x7f511b6a9000, 138412032) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_SET_FD, 3 [pid 359] <... futex resumed>) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] creat("./bus", 000 [pid 371] <... ioctl resumed>) = 0 [pid 371] close(3) = 0 [pid 371] close(4) = 0 [pid 371] mkdir("./file0", 0777) = 0 [pid 359] <... creat resumed>) = 5 [pid 359] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 359] <... futex resumed>) = 1 [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 358] <... mmap resumed>) = 0x7f5123a88000 [pid 358] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE [pid 359] creat("./bus", 000) = 6 [pid 358] <... mprotect resumed>) = ? [pid 359] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] +++ killed by SIGBUS +++ [pid 358] +++ killed by SIGBUS +++ [pid 359] <... futex resumed>) = 1 [pid 359] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=358, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 359] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 297] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 359] <... open resumed>) = 7 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 359] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 297] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./2/binderfs") = 0 [pid 297] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 357] <... futex resumed>) = 0 [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... futex resumed>) = 0 [pid 357] <... futex resumed>) = 1 [pid 359] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 357] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... mmap resumed>) = 0x20000000 [pid 359] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 357] <... futex resumed>) = 0 [pid 359] ftruncate(6, 31 [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] <... ftruncate resumed>) = 0 [pid 357] <... futex resumed>) = 0 [pid 359] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [ 22.948682][ T360] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.951755][ T371] loop0: detected capacity change from 0 to 2048 [ 22.980691][ T366] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [pid 357] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] <... futex resumed>) = 0 [pid 357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 357] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123a88000 [pid 357] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 357] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 357] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123aa8990, parent_tid=0x7f5123aa8990, exit_signal=0, stack=0x7f5123a88000, stack_size=0x20300, tls=0x7f5123aa86c0} => {parent_tid=[376]}, 88) = 376 [pid 357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 357] futex(0x7f5123b95718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 357] futex(0x7f5123b9571c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 357] <... futex resumed>) = ? [pid 359] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 376 attached [pid 376] +++ killed by SIGBUS +++ [pid 357] +++ killed by SIGBUS +++ [pid 366] <... mount resumed>) = 0 [pid 366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 366] chdir("./file0") = 0 [pid 366] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 366] ioctl(4, LOOP_CLR_FD) = 0 [pid 366] close(4) = 0 [pid 363] <... mount resumed>) = 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=357, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 296] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./2/binderfs") = 0 [pid 296] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 366] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 362] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... futex resumed>) = 1 [pid 366] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 363] chdir("./file0") = 0 [pid 363] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 363] ioctl(4, LOOP_CLR_FD) = 0 [pid 363] close(4 [pid 366] <... open resumed>) = 4 [pid 363] <... close resumed>) = 0 [pid 366] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = 1 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... futex resumed>) = 1 [pid 366] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 362] <... futex resumed>) = 0 [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 363] <... open resumed>) = 4 [pid 363] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 363] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 366] <... futex resumed>) = 0 [pid 366] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 361] <... futex resumed>) = 0 [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = 0 [pid 363] <... futex resumed>) = 0 [pid 361] <... futex resumed>) = 1 [pid 363] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 361] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./2/file0") = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./2" [pid 363] <... write resumed>) = 9 [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./3", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] <... umount2 resumed>) = 0 [pid 363] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 366] <... write resumed>) = 9 [pid 363] <... futex resumed>) = 1 [pid 361] <... futex resumed>) = 0 [pid 366] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] creat("./bus", 000 [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = 1 [pid 363] <... creat resumed>) = 5 [pid 362] <... futex resumed>) = 0 [pid 361] <... futex resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556fc5690) = 378 [pid 366] creat("./bus", 000 [pid 363] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 366] <... creat resumed>) = 5 [pid 363] <... futex resumed>) = 0 [pid 362] <... futex resumed>) = 0 [pid 361] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 366] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 366] <... futex resumed>) = 0 [pid 363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] <... futex resumed>) = 0 [pid 366] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] creat("./bus", 000 [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] newfstatat(AT_FDCWD, "./2/file0", [pid 366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 363] <... creat resumed>) = 6 [pid 362] <... futex resumed>) = 0 [pid 366] creat("./bus", 000 [pid 363] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 366] <... creat resumed>) = 6 [pid 363] <... futex resumed>) = 1 [pid 361] <... futex resumed>) = 0 [pid 366] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [ 22.984948][ T359] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 22.990135][ T363] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 23.013330][ T297] EXT4-fs (loop2): unmounting filesystem. [ 23.019721][ T296] EXT4-fs (loop1): unmounting filesystem. [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 366] <... futex resumed>) = 1 [pid 363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 362] <... futex resumed>) = 0 [pid 361] <... futex resumed>) = 0 ./strace-static-x86_64: Process 378 attached [pid 366] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 378] set_robust_list(0x555556fc56a0, 24 [pid 366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 363] <... open resumed>) = 7 [pid 362] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 378] <... set_robust_list resumed>) = 0 [pid 366] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 363] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 362] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... openat resumed>) = 4 [pid 378] chdir("./3" [pid 366] <... open resumed>) = 7 [pid 363] <... futex resumed>) = 1 [pid 361] <... futex resumed>) = 0 [pid 296] newfstatat(4, "", [pid 378] <... chdir resumed>) = 0 [pid 366] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 378] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 366] <... futex resumed>) = 0 [pid 363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] <... futex resumed>) = 0 [pid 296] getdents64(4, [pid 378] <... prctl resumed>) = 0 [pid 366] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 363] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 361] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 378] setpgid(0, 0 [pid 363] <... mmap resumed>) = 0x20000000 [pid 296] getdents64(4, [pid 378] <... setpgid resumed>) = 0 [pid 363] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 363] <... futex resumed>) = 1 [pid 361] <... futex resumed>) = 0 [pid 296] close(4 [pid 378] <... openat resumed>) = 3 [pid 363] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 378] write(3, "1000", 4 [pid 363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] <... futex resumed>) = 0 [pid 296] rmdir("./2/file0" [pid 378] <... write resumed>) = 4 [pid 363] ftruncate(6, 31 [pid 361] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... rmdir resumed>) = 0 [pid 378] close(3 [pid 363] <... ftruncate resumed>) = 0 [pid 296] getdents64(3, [pid 378] <... close resumed>) = 0 [pid 363] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 378] symlink("/dev/binderfs", "./binderfs" [pid 363] <... futex resumed>) = 1 [pid 361] <... futex resumed>) = 0 [pid 296] close(3 [pid 378] <... symlink resumed>) = 0 [pid 363] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 378] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] <... futex resumed>) = 0 [pid 296] rmdir("./2" [pid 371] <... mount resumed>) = 0 [pid 362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... openat resumed>) = 3 [pid 362] <... futex resumed>) = 1 [pid 371] chdir("./file0" [pid 362] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] <... chdir resumed>) = 0 [pid 371] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 371] ioctl(4, LOOP_CLR_FD) = 0 [pid 371] close(4) = 0 [pid 371] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 371] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 378] <... futex resumed>) = 0 [pid 378] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 378] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[380]}, 88) = 380 [pid 378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 361] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] <... rmdir resumed>) = 0 [pid 296] mkdir("./3", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 381 [pid 366] <... futex resumed>) = 0 [pid 366] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 370] <... futex resumed>) = 0 [pid 366] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 362] <... futex resumed>) = 0 [pid 366] ftruncate(6, 31 [pid 362] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] <... ftruncate resumed>) = 0 [pid 366] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 362] <... futex resumed>) = 0 [pid 366] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 362] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 366] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 362] <... futex resumed>) = 0 ./strace-static-x86_64: Process 381 attached ./strace-static-x86_64: Process 380 attached [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 363] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 361] <... mmap resumed>) = 0x7f5123a88000 [pid 381] set_robust_list(0x555556fc56a0, 24 [pid 380] set_robust_list(0x7f5123ac99a0, 24 [pid 370] <... futex resumed>) = 1 [pid 381] <... set_robust_list resumed>) = 0 [pid 380] <... set_robust_list resumed>) = 0 [pid 370] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] chdir("./3" [pid 380] rt_sigprocmask(SIG_SETMASK, [], [pid 381] <... chdir resumed>) = 0 [pid 380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 381] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 380] memfd_create("syzkaller", 0 [pid 381] <... prctl resumed>) = 0 [pid 380] <... memfd_create resumed>) = 3 [pid 381] setpgid(0, 0 [pid 380] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 381] <... setpgid resumed>) = 0 [pid 380] <... mmap resumed>) = 0x7f511b6a9000 [pid 363] +++ killed by SIGBUS +++ [pid 361] +++ killed by SIGBUS +++ [pid 381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 380] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 381] <... openat resumed>) = 3 [pid 380] <... write resumed>) = 1048576 [pid 381] write(3, "1000", 4) = 4 [pid 380] munmap(0x7f511b6a9000, 138412032 [pid 381] close(3) = 0 [pid 380] <... munmap resumed>) = 0 [pid 381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 381] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] <... openat resumed>) = 4 [pid 381] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 380] ioctl(4, LOOP_SET_FD, 3 [pid 381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 371] <... futex resumed>) = 0 [pid 366] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 362] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=361, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- [pid 371] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 366] +++ killed by SIGBUS +++ [pid 362] +++ killed by SIGBUS +++ [pid 298] umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=362, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 298] openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 299] <... restart_syscall resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 380] <... ioctl resumed>) = 0 [pid 371] <... open resumed>) = 4 [pid 299] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] getdents64(3, [pid 381] <... mmap resumed>) = 0x7f5123aa9000 [pid 371] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 380] close(3 [pid 371] <... futex resumed>) = 1 [pid 299] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 381] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 380] <... close resumed>) = 0 [pid 371] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 370] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 298] newfstatat(AT_FDCWD, "./2/binderfs", [pid 381] <... mprotect resumed>) = 0 [pid 380] close(4 [pid 371] <... futex resumed>) = 0 [pid 370] <... futex resumed>) = 1 [pid 299] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 381] rt_sigprocmask(SIG_BLOCK, ~[], [pid 371] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 370] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] unlink("./2/binderfs" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./3/binderfs") = 0 [pid 299] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 380] <... close resumed>) = 0 [pid 380] mkdir("./file0", 0777) = 0 [pid 380] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 381] <... rt_sigprocmask resumed>[], 8) = 0 [pid 381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[382]}, 88) = 382 [pid 381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 371] <... write resumed>) = 9 [pid 298] <... unlink resumed>) = 0 [ 23.047031][ T371] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.050224][ T363] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.075865][ T366] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.089590][ T380] loop2: detected capacity change from 0 to 2048 ./strace-static-x86_64: Process 382 attached [pid 382] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 382] memfd_create("syzkaller", 0) = 3 [pid 382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 371] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 370] <... futex resumed>) = 0 [pid 371] creat("./bus", 000 [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 371] <... creat resumed>) = 5 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] creat("./bus", 000 [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] <... creat resumed>) = 6 [pid 370] <... futex resumed>) = 0 [pid 382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 371] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... futex resumed>) = 0 [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 370] <... futex resumed>) = 0 [pid 371] <... open resumed>) = 7 [pid 370] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... futex resumed>) = 0 [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 370] <... futex resumed>) = 0 [pid 371] <... mmap resumed>) = 0x20000000 [pid 370] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] munmap(0x7f511b6a9000, 138412032) = 0 [pid 382] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 382] ioctl(4, LOOP_SET_FD, 3 [pid 371] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 382] <... ioctl resumed>) = 0 [pid 382] close(3) = 0 [pid 382] close(4) = 0 [pid 382] mkdir("./file0", 0777) = 0 [pid 382] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 371] <... futex resumed>) = 1 [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 371] ftruncate(6, 31 [pid 370] <... futex resumed>) = 0 [pid 371] <... ftruncate resumed>) = 0 [pid 370] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 371] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 371] <... futex resumed>) = 0 [pid 370] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./3/file0") = 0 [pid 299] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./3") = 0 [pid 299] mkdir("./4", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 385 ./strace-static-x86_64: Process 385 attached [pid 385] set_robust_list(0x555556fc56a0, 24) = 0 [pid 385] chdir("./4") = 0 [pid 385] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 385] setpgid(0, 0) = 0 [pid 385] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 370] <... futex resumed>) = 0 [pid 370] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 370] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 385] <... openat resumed>) = 3 [pid 385] write(3, "1000", 4) = 4 [pid 385] close(3) = 0 [pid 385] symlink("/dev/binderfs", "./binderfs") = 0 [pid 385] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 385] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 385] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 385] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 385] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 385] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[386]}, 88) = 386 [pid 385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 386 attached [pid 386] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 298] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 386] memfd_create("syzkaller", 0) = 3 [ 23.104002][ T299] EXT4-fs (loop4): unmounting filesystem. [ 23.111652][ T298] EXT4-fs (loop3): unmounting filesystem. [ 23.120197][ T382] loop1: detected capacity change from 0 to 2048 [ 23.132504][ T371] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 386] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 386] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 380] <... mount resumed>) = 0 [pid 298] umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 380] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 370] <... mmap resumed>) = 0x7f5123a88000 [pid 371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 380] <... openat resumed>) = 3 [pid 370] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE [pid 380] chdir("./file0" [pid 298] openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 380] <... chdir resumed>) = 0 [pid 370] <... mprotect resumed>) = ? [pid 298] <... openat resumed>) = 4 [pid 380] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 298] newfstatat(4, "", [pid 380] ioctl(4, LOOP_CLR_FD [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 380] <... ioctl resumed>) = 0 [pid 298] getdents64(4, [pid 380] close(4) = 0 [pid 298] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 386] <... write resumed>) = 1048576 [pid 386] munmap(0x7f511b6a9000, 138412032) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 298] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 371] +++ killed by SIGBUS +++ [pid 370] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=370, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 295] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 295] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 295] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./3/binderfs") = 0 [pid 295] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 380] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 378] <... futex resumed>) = 0 [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 378] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 386] ioctl(4, LOOP_SET_FD, 3 [pid 382] <... mount resumed>) = 0 [pid 380] <... open resumed>) = 4 [pid 298] close(4 [pid 380] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 380] <... futex resumed>) = 1 [pid 378] <... futex resumed>) = 0 [pid 298] rmdir("./2/file0" [pid 380] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... rmdir resumed>) = 0 [pid 380] <... write resumed>) = 9 [pid 378] <... futex resumed>) = 0 [pid 298] getdents64(3, [pid 380] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 380] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] close(3 [pid 380] creat("./bus", 000 [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... close resumed>) = 0 [pid 380] <... creat resumed>) = 5 [pid 378] <... futex resumed>) = 0 [pid 298] rmdir("./2" [pid 380] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... rmdir resumed>) = 0 [pid 380] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] mkdir("./3", 0777 [pid 380] creat("./bus", 000 [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... mkdir resumed>) = 0 [pid 380] <... creat resumed>) = 6 [pid 378] <... futex resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 380] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... openat resumed>) = 3 [pid 386] <... ioctl resumed>) = 0 [pid 382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 380] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] ioctl(3, LOOP_CLR_FD [pid 380] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 380] <... open resumed>) = 7 [pid 378] <... futex resumed>) = 0 [pid 298] close(3 [pid 380] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... close resumed>) = 0 [pid 380] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 380] <... mmap resumed>) = 0x20000000 [pid 378] <... futex resumed>) = 0 [pid 380] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] ftruncate(6, 31 [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 389 [pid 380] <... ftruncate resumed>) = 0 [pid 378] <... futex resumed>) = 0 [pid 380] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 380] <... futex resumed>) = 0 [pid 378] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 380] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 378] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 378] <... futex resumed>) = 0 [pid 380] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- ./strace-static-x86_64: Process 389 attached [pid 386] close(3) = 0 [pid 382] <... openat resumed>) = 3 [pid 386] close(4 [pid 389] set_robust_list(0x555556fc56a0, 24 [pid 386] <... close resumed>) = 0 [pid 382] chdir("./file0" [pid 380] +++ killed by SIGBUS +++ [pid 378] +++ killed by SIGBUS +++ [pid 389] <... set_robust_list resumed>) = 0 [pid 389] chdir("./3") = 0 [pid 389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 389] setpgid(0, 0) = 0 [pid 389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 382] <... chdir resumed>) = 0 [pid 386] mkdir("./file0", 0777 [pid 382] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=378, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 382] <... openat resumed>) = 4 [pid 382] ioctl(4, LOOP_CLR_FD [pid 297] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 382] <... ioctl resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 297] newfstatat(3, "", [pid 389] <... openat resumed>) = 3 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 382] close(4 [pid 297] getdents64(3, [pid 382] <... close resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 382] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... futex resumed>) = 1 [ 23.158034][ T380] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 23.171953][ T382] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 23.179152][ T386] loop4: detected capacity change from 0 to 2048 [ 23.187201][ T295] EXT4-fs (loop0): unmounting filesystem. [ 23.191658][ T380] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 382] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 297] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./3/binderfs" [pid 389] write(3, "1000", 4) = 4 [pid 389] close(3) = 0 [pid 297] <... unlink resumed>) = 0 [pid 389] symlink("/dev/binderfs", "./binderfs" [pid 297] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 389] <... symlink resumed>) = 0 [pid 386] <... mkdir resumed>) = 0 [pid 386] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 389] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 389] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[390]}, 88) = 390 [pid 389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./3/file0") = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./3") = 0 [pid 295] mkdir("./4", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 391 ./strace-static-x86_64: Process 390 attached [pid 390] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 390] memfd_create("syzkaller", 0) = 3 [pid 390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 382] <... open resumed>) = 4 [pid 382] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 382] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 381] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... write resumed>) = 9 [pid 382] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 382] creat("./bus", 000 [pid 381] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... creat resumed>) = 5 [pid 382] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] creat("./bus", 000 [pid 381] <... futex resumed>) = 0 [pid 381] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... creat resumed>) = 6 [pid 297] <... umount2 resumed>) = 0 [pid 382] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 297] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 382] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 381] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 382] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 381] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./3/file0", [pid 382] <... open resumed>) = 7 [pid 382] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 382] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 381] <... futex resumed>) = 0 [pid 382] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 381] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... mmap resumed>) = 0x20000000 [pid 382] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 381] <... futex resumed>) = 0 [pid 382] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 381] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 382] ftruncate(6, 31 [pid 381] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 382] <... ftruncate resumed>) = 0 [pid 382] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 382] <... futex resumed>) = 1 [pid 381] <... futex resumed>) = 0 [pid 382] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 381] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 381] <... futex resumed>) = 0 [pid 390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 390] munmap(0x7f511b6a9000, 138412032) = 0 [pid 390] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 390] ioctl(4, LOOP_SET_FD, 3 [pid 381] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 381] <... futex resumed>) = 0 [pid 381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... openat resumed>) = 4 [pid 297] newfstatat(4, "", [pid 390] <... ioctl resumed>) = 0 [pid 390] close(3) = 0 [pid 390] close(4) = 0 [pid 390] mkdir("./file0", 0777) = 0 [pid 390] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 391 attached [pid 391] set_robust_list(0x555556fc56a0, 24) = 0 [pid 391] chdir("./4") = 0 [pid 391] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 391] setpgid(0, 0) = 0 [ 23.215385][ T297] EXT4-fs (loop2): unmounting filesystem. [ 23.238776][ T382] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.244371][ T390] loop3: detected capacity change from 0 to 2048 [pid 391] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 391] write(3, "1000", 4) = 4 [pid 391] close(3) = 0 [pid 391] symlink("/dev/binderfs", "./binderfs") = 0 [pid 391] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 391] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 386] <... mount resumed>) = 0 [pid 297] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 386] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 297] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 386] <... openat resumed>) = 3 [pid 297] close(4) = 0 [pid 386] chdir("./file0" [pid 297] rmdir("./3/file0" [pid 391] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 386] <... chdir resumed>) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 386] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 297] getdents64(3, [pid 386] <... openat resumed>) = 4 [pid 297] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 386] ioctl(4, LOOP_CLR_FD [pid 297] close(3 [pid 391] <... mmap resumed>) = 0x7f5123aa9000 [pid 386] <... ioctl resumed>) = 0 [pid 382] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 381] <... mmap resumed>) = 0x7f5123a88000 [pid 297] <... close resumed>) = 0 [pid 381] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE [pid 297] rmdir("./3" [pid 386] close(4 [pid 391] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 297] <... rmdir resumed>) = 0 [pid 386] <... close resumed>) = 0 [pid 297] mkdir("./4", 0777 [pid 386] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... mprotect resumed>) = 0 [pid 391] rt_sigprocmask(SIG_BLOCK, ~[], [pid 386] <... futex resumed>) = 1 [pid 385] <... futex resumed>) = 0 [pid 382] +++ killed by SIGBUS +++ [pid 381] <... mprotect resumed>) = ? [pid 297] <... mkdir resumed>) = 0 [pid 391] <... rt_sigprocmask resumed>[], 8) = 0 [pid 391] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[396]}, 88) = 396 [pid 391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 391] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 386] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 385] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 0 [pid 386] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 386] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 1 [pid 386] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 386] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] +++ killed by SIGBUS +++ [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=381, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 297] <... openat resumed>) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3 [pid 296] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... close resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 386] <... futex resumed>) = 1 [pid 386] creat("./bus", 000 [pid 296] <... openat resumed>) = 3 [pid 297] <... clone resumed>, child_tidptr=0x555556fc5690) = 397 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 ./strace-static-x86_64: Process 397 attached ./strace-static-x86_64: Process 396 attached [pid 390] <... mount resumed>) = 0 [pid 296] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 397] set_robust_list(0x555556fc56a0, 24 [pid 396] set_robust_list(0x7f5123ac99a0, 24 [pid 390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 397] <... set_robust_list resumed>) = 0 [pid 396] <... set_robust_list resumed>) = 0 [pid 390] <... openat resumed>) = 3 [pid 296] newfstatat(AT_FDCWD, "./3/binderfs", [pid 386] <... creat resumed>) = 5 [pid 386] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 385] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 1 [pid 386] creat("./bus", 000 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 397] chdir("./4" [pid 396] rt_sigprocmask(SIG_SETMASK, [], [pid 390] chdir("./file0" [pid 296] unlink("./3/binderfs" [pid 397] <... chdir resumed>) = 0 [pid 396] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 397] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 386] <... creat resumed>) = 6 [pid 296] <... unlink resumed>) = 0 [pid 397] <... prctl resumed>) = 0 [pid 396] memfd_create("syzkaller", 0 [pid 390] <... chdir resumed>) = 0 [pid 386] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 397] setpgid(0, 0 [pid 396] <... memfd_create resumed>) = 3 [pid 390] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 386] <... futex resumed>) = 1 [pid 385] <... futex resumed>) = 0 [pid 397] <... setpgid resumed>) = 0 [pid 396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 390] <... openat resumed>) = 4 [pid 386] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... open resumed>) = 7 [pid 385] <... futex resumed>) = 0 [pid 386] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 0 [pid 385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... mmap resumed>) = 0x20000000 [pid 385] <... futex resumed>) = 0 [pid 386] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 0 [pid 385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 386] ftruncate(6, 31 [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... ftruncate resumed>) = 0 [pid 385] <... futex resumed>) = 0 [pid 386] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 386] <... futex resumed>) = 0 [pid 385] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 396] <... mmap resumed>) = 0x7f511b6a9000 [pid 390] ioctl(4, LOOP_CLR_FD [pid 385] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... openat resumed>) = 3 [pid 396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 390] <... ioctl resumed>) = 0 [ 23.260912][ T386] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 23.283254][ T390] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 23.300143][ T296] EXT4-fs (loop1): unmounting filesystem. [pid 397] write(3, "1000", 4 [pid 396] <... write resumed>) = 1048576 [pid 390] close(4 [pid 397] <... write resumed>) = 4 [pid 390] <... close resumed>) = 0 [pid 397] close(3) = 0 [pid 390] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] symlink("/dev/binderfs", "./binderfs") = 0 [pid 390] <... futex resumed>) = 1 [pid 397] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 390] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 397] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 397] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 397] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 397] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[398]}, 88) = 398 [pid 397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 389] <... futex resumed>) = 0 [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] <... futex resumed>) = 0 ./strace-static-x86_64: Process 398 attached [pid 396] munmap(0x7f511b6a9000, 138412032 [pid 390] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = 1 [pid 386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 385] write(459968512, "", 0 [pid 398] set_robust_list(0x7f5123ac99a0, 24 [pid 396] <... munmap resumed>) = 0 [pid 390] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 389] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... set_robust_list resumed>) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 390] <... open resumed>) = 4 [pid 386] +++ killed by SIGBUS +++ [pid 385] +++ killed by SIGBUS +++ [pid 398] rt_sigprocmask(SIG_SETMASK, [], [pid 396] <... openat resumed>) = 4 [pid 390] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 396] ioctl(4, LOOP_SET_FD, 3 [pid 398] memfd_create("syzkaller", 0 [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=385, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 398] <... memfd_create resumed>) = 3 [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 398] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 389] <... futex resumed>) = 0 [pid 398] <... mmap resumed>) = 0x7f511b6a9000 [pid 390] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 389] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... restart_syscall resumed>) = 0 [pid 396] <... ioctl resumed>) = 0 [pid 390] <... write resumed>) = 9 [pid 296] <... umount2 resumed>) = 0 [pid 396] close(3 [pid 390] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 396] <... close resumed>) = 0 [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 299] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 398] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 396] close(4 [pid 390] creat("./bus", 000 [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 398] <... write resumed>) = 1048576 [pid 390] <... creat resumed>) = 5 [pid 389] <... futex resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./3/file0", [pid 389] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] munmap(0x7f511b6a9000, 138412032) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 398] ioctl(4, LOOP_SET_FD, 3 [pid 390] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 390] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(3, "", [pid 296] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 390] creat("./bus", 000 [pid 389] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(3, [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 390] <... creat resumed>) = 6 [pid 396] <... close resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 390] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 390] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./4/binderfs", [pid 296] <... openat resumed>) = 4 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 389] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] unlink("./4/binderfs" [pid 296] newfstatat(4, "", [pid 390] <... open resumed>) = 7 [pid 390] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... unlink resumed>) = 0 [pid 390] <... futex resumed>) = 1 [pid 389] <... futex resumed>) = 0 [pid 299] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 390] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] <... futex resumed>) = 0 [pid 296] getdents64(4, [pid 390] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 389] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... ioctl resumed>) = 0 [pid 396] mkdir("./file0", 0777 [pid 390] <... mmap resumed>) = 0x20000000 [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 390] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 389] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] getdents64(4, [pid 390] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] close(4 [pid 398] close(3 [pid 396] <... mkdir resumed>) = 0 [pid 390] <... futex resumed>) = 0 [pid 389] <... futex resumed>) = 1 [pid 296] <... close resumed>) = 0 [pid 396] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 389] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 390] ftruncate(6, 31 [pid 296] rmdir("./3/file0" [pid 390] <... ftruncate resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 390] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] getdents64(3, [pid 390] <... futex resumed>) = 1 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 389] <... futex resumed>) = 0 [pid 390] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 389] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] close(3 [pid 389] <... futex resumed>) = 0 [pid 390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 389] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 389] <... futex resumed>) = 0 [pid 398] <... close resumed>) = 0 [pid 389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] rmdir("./3") = 0 [pid 296] mkdir("./4", 0777) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 399 [pid 398] close(4) = 0 [pid 398] mkdir("./file0", 0777) = 0 [ 23.303198][ T386] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.324316][ T396] loop0: detected capacity change from 0 to 2048 [ 23.339853][ T398] loop2: detected capacity change from 0 to 2048 [ 23.350572][ T299] EXT4-fs (loop4): unmounting filesystem. [pid 398] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 399 attached [pid 399] set_robust_list(0x555556fc56a0, 24) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 299] close(4 [pid 399] chdir("./4" [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./4/file0") = 0 [pid 399] <... chdir resumed>) = 0 [pid 399] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 299] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] close(3 [pid 399] <... prctl resumed>) = 0 [pid 399] setpgid(0, 0) = 0 [pid 399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... close resumed>) = 0 [pid 299] rmdir("./4") = 0 [pid 299] mkdir("./5", 0777 [pid 399] <... openat resumed>) = 3 [pid 399] write(3, "1000", 4) = 4 [pid 299] <... mkdir resumed>) = 0 [pid 399] close(3 [pid 390] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 389] <... mmap resumed>) = 0x7f5123a88000 [pid 399] <... close resumed>) = 0 [pid 399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 399] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 399] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[402]}, 88) = 402 [pid 399] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 403 ./strace-static-x86_64: Process 402 attached [pid 402] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 402] memfd_create("syzkaller", 0) = 3 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 ./strace-static-x86_64: Process 403 attached [pid 396] <... mount resumed>) = 0 [pid 390] +++ killed by SIGBUS +++ [pid 389] +++ killed by SIGBUS +++ [pid 403] set_robust_list(0x555556fc56a0, 24 [pid 396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=389, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 403] <... set_robust_list resumed>) = 0 [pid 396] <... openat resumed>) = 3 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 403] chdir("./5" [pid 396] chdir("./file0" [pid 403] <... chdir resumed>) = 0 [pid 403] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 396] <... chdir resumed>) = 0 [pid 403] <... prctl resumed>) = 0 [pid 396] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 403] setpgid(0, 0) = 0 [pid 396] <... openat resumed>) = 4 [pid 298] <... restart_syscall resumed>) = 0 [pid 403] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 396] ioctl(4, LOOP_CLR_FD [pid 403] <... openat resumed>) = 3 [pid 396] <... ioctl resumed>) = 0 [pid 403] write(3, "1000", 4 [pid 396] close(4 [pid 403] <... write resumed>) = 4 [pid 403] close(3 [pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 396] <... close resumed>) = 0 [pid 298] umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW [pid 403] <... close resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 403] symlink("/dev/binderfs", "./binderfs" [pid 298] openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 403] <... symlink resumed>) = 0 [pid 396] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... openat resumed>) = 3 [pid 403] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = 1 [pid 391] <... futex resumed>) = 0 [pid 298] newfstatat(3, "", [pid 403] <... futex resumed>) = 0 [pid 402] <... write resumed>) = 1048576 [pid 396] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 403] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 403] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 403] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 403] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 403] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 403] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[406]}, 88) = 406 [pid 403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 402] munmap(0x7f511b6a9000, 138412032) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 402] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 406 attached [pid 398] <... mount resumed>) = 0 [pid 396] <... open resumed>) = 4 [pid 391] <... futex resumed>) = 0 [ 23.358633][ T390] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.390785][ T396] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.407382][ T398] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [pid 298] getdents64(3, [pid 396] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 396] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 396] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 396] <... write resumed>) = 9 [pid 391] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./3/binderfs", [pid 396] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 396] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] unlink("./3/binderfs" [pid 396] creat("./bus", 000 [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... unlink resumed>) = 0 [pid 396] <... creat resumed>) = 5 [pid 391] <... futex resumed>) = 0 [pid 298] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 396] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] creat("./bus", 000 [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... creat resumed>) = 6 [pid 391] <... futex resumed>) = 0 [pid 396] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] set_robust_list(0x7f5123ac99a0, 24 [pid 402] <... ioctl resumed>) = 0 [pid 398] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 396] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] <... set_robust_list resumed>) = 0 [pid 396] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... open resumed>) = 7 [pid 391] <... futex resumed>) = 0 [pid 406] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 406] memfd_create("syzkaller", 0) = 3 [pid 406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 402] close(3) = 0 [pid 391] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 396] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] close(4 [pid 396] <... futex resumed>) = 0 [pid 391] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 396] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] <... futex resumed>) = 0 [pid 396] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 396] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 391] <... futex resumed>) = 0 [pid 398] <... openat resumed>) = 3 [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 396] ftruncate(6, 31 [pid 391] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... close resumed>) = 0 [pid 398] chdir("./file0" [pid 402] mkdir("./file0", 0777 [pid 398] <... chdir resumed>) = 0 [pid 398] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 396] <... ftruncate resumed>) = 0 [pid 396] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... openat resumed>) = 4 [pid 398] ioctl(4, LOOP_CLR_FD) = 0 [pid 398] close(4 [pid 396] <... futex resumed>) = 1 [pid 391] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 396] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 391] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 391] <... futex resumed>) = 0 [pid 406] <... write resumed>) = 1048576 [pid 402] <... mkdir resumed>) = 0 [pid 398] <... close resumed>) = 0 [pid 298] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./3/file0") = 0 [pid 298] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./3") = 0 [pid 298] mkdir("./4", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 406] munmap(0x7f511b6a9000, 138412032) = 0 [pid 398] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... futex resumed>) = 1 [pid 398] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 406] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 407 attached [pid 402] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 398] <... open resumed>) = 4 [pid 396] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 391] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 407 [pid 407] set_robust_list(0x555556fc56a0, 24 [pid 398] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 391] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 407] <... set_robust_list resumed>) = 0 [pid 406] <... ioctl resumed>) = 0 [pid 398] <... futex resumed>) = 1 [pid 397] <... futex resumed>) = 0 [pid 406] close(3 [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... close resumed>) = 0 [pid 398] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 397] <... futex resumed>) = 0 [pid 407] chdir("./4" [pid 406] close(4) = 0 [pid 406] mkdir("./file0", 0777) = 0 [pid 406] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 396] +++ killed by SIGBUS +++ [pid 391] +++ killed by SIGBUS +++ [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=391, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 295] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, [pid 407] <... chdir resumed>) = 0 [pid 398] <... write resumed>) = 9 [pid 397] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 398] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 295] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 407] <... prctl resumed>) = 0 [pid 398] <... futex resumed>) = 0 [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 407] setpgid(0, 0 [pid 295] newfstatat(AT_FDCWD, "./4/binderfs", [pid 407] <... setpgid resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 295] unlink("./4/binderfs" [pid 407] <... openat resumed>) = 3 [pid 295] <... unlink resumed>) = 0 [pid 407] write(3, "1000", 4 [pid 295] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 407] <... write resumed>) = 4 [pid 398] creat("./bus", 000 [pid 397] <... futex resumed>) = 0 [pid 407] close(3) = 0 [ 23.411139][ T402] loop1: detected capacity change from 0 to 2048 [ 23.423090][ T298] EXT4-fs (loop3): unmounting filesystem. [ 23.445352][ T396] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.454418][ T406] loop4: detected capacity change from 0 to 2048 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 407] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[408]}, 88) = 408 [pid 407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 397] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... creat resumed>) = 5 [pid 398] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 398] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] <... futex resumed>) = 0 [pid 398] creat("./bus", 000 [pid 397] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... creat resumed>) = 6 [pid 398] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 398] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 397] <... futex resumed>) = 0 [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 398] <... futex resumed>) = 0 [pid 397] <... futex resumed>) = 1 [pid 398] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 397] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 398] <... open resumed>) = 7 [pid 398] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 397] <... futex resumed>) = 0 [pid 398] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 408 attached [pid 398] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 397] <... futex resumed>) = 0 [pid 408] set_robust_list(0x7f5123ac99a0, 24 [pid 398] <... mmap resumed>) = 0x20000000 [pid 397] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... set_robust_list resumed>) = 0 [pid 398] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 408] rt_sigprocmask(SIG_SETMASK, [], [pid 398] <... futex resumed>) = 0 [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 398] ftruncate(6, 31 [pid 397] <... futex resumed>) = 0 [pid 408] memfd_create("syzkaller", 0 [pid 398] <... ftruncate resumed>) = 0 [pid 397] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... memfd_create resumed>) = 3 [pid 398] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 398] <... futex resumed>) = 0 [pid 397] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./4/file0") = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./4") = 0 [pid 295] mkdir("./5", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 409 ./strace-static-x86_64: Process 409 attached [pid 409] set_robust_list(0x555556fc56a0, 24) = 0 [pid 409] chdir("./5") = 0 [pid 409] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 409] setpgid(0, 0) = 0 [pid 409] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 409] write(3, "1000", 4) = 4 [pid 409] close(3) = 0 [pid 409] symlink("/dev/binderfs", "./binderfs") = 0 [pid 409] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 409] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 409] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 409] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 409] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[410]}, 88) = 410 [pid 409] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 410 attached [pid 410] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 397] <... futex resumed>) = 0 [pid 410] memfd_create("syzkaller", 0) = 3 [pid 410] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 397] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 397] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 410] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 408] <... mmap resumed>) = 0x7f511b6a9000 [pid 410] <... write resumed>) = 1048576 [pid 410] munmap(0x7f511b6a9000, 138412032) = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_SET_FD, 3 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 398] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 397] <... mmap resumed>) = 0x7f5123a88000 [pid 410] <... ioctl resumed>) = 0 [pid 408] <... write resumed>) = 1048576 [pid 408] munmap(0x7f511b6a9000, 138412032) = 0 [ 23.477115][ T295] EXT4-fs (loop0): unmounting filesystem. [ 23.487922][ T398] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.516074][ T410] loop0: detected capacity change from 0 to 2048 [pid 408] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3 [pid 398] +++ killed by SIGBUS +++ [pid 397] +++ killed by SIGBUS +++ [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=397, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 297] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 297] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 297] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./4/binderfs") = 0 [pid 297] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 410] close(3) = 0 [pid 410] close(4) = 0 [pid 410] mkdir("./file0", 0777) = 0 [pid 410] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 408] <... ioctl resumed>) = 0 [pid 408] close(3) = 0 [pid 408] close(4) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 406] <... mount resumed>) = 0 [pid 406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 406] chdir("./file0") = 0 [pid 406] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 406] ioctl(4, LOOP_CLR_FD) = 0 [pid 406] close(4) = 0 [pid 406] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = 0 [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 403] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 1 [pid 406] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 402] <... mount resumed>) = 0 [pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 402] chdir("./file0") = 0 [pid 402] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 402] ioctl(4, LOOP_CLR_FD) = 0 [pid 402] close(4) = 0 [pid 402] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] <... futex resumed>) = 0 [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 399] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 1 [pid 402] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 406] <... open resumed>) = 4 [pid 406] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 406] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... open resumed>) = 4 [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 403] <... futex resumed>) = 0 [pid 406] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 403] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... write resumed>) = 9 [pid 402] <... futex resumed>) = 1 [pid 399] <... futex resumed>) = 0 [pid 406] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = 1 [pid 403] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = 0 [pid 406] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 403] <... futex resumed>) = 0 [pid 406] creat("./bus", 000 [pid 403] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... creat resumed>) = 5 [pid 402] <... write resumed>) = 9 [pid 406] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 402] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 403] <... futex resumed>) = 0 [pid 406] creat("./bus", 000 [pid 399] <... futex resumed>) = 0 [pid 402] <... futex resumed>) = 1 [pid 403] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... creat resumed>) = 6 [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] creat("./bus", 000 [pid 399] <... futex resumed>) = 0 [pid 406] <... futex resumed>) = 1 [pid 403] <... futex resumed>) = 0 [pid 399] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 403] <... futex resumed>) = 0 [pid 402] <... creat resumed>) = 5 [pid 406] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 403] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... open resumed>) = 7 [pid 402] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 1 [pid 399] <... futex resumed>) = 0 [pid 406] <... futex resumed>) = 1 [pid 403] <... futex resumed>) = 0 [pid 406] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 403] <... futex resumed>) = 0 [pid 402] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 399] <... futex resumed>) = 0 [pid 406] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 403] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 399] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... mmap resumed>) = 0x20000000 [pid 406] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 403] <... futex resumed>) = 0 [pid 406] ftruncate(6, 31 [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] creat("./bus", 000) = 6 [pid 403] <... futex resumed>) = 0 [pid 406] <... ftruncate resumed>) = 0 [pid 403] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 403] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 402] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 399] <... futex resumed>) = 0 [pid 402] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... open resumed>) = 7 [pid 399] <... futex resumed>) = 0 [pid 402] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 402] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... mmap resumed>) = 0x20000000 [pid 399] <... futex resumed>) = 0 [pid 402] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 399] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 402] ftruncate(6, 31 [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... ftruncate resumed>) = 0 [pid 399] <... futex resumed>) = 0 [pid 402] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [ 23.523993][ T406] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 23.524972][ T408] loop3: detected capacity change from 0 to 2048 [ 23.533167][ T402] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 23.555966][ T297] EXT4-fs (loop2): unmounting filesystem. [pid 399] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 406] <... futex resumed>) = 0 [pid 403] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 406] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 403] <... futex resumed>) = 0 [pid 399] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 406] +++ killed by SIGBUS +++ [pid 403] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=403, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 299] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 299] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./5/binderfs") = 0 [pid 299] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 399] <... futex resumed>) = 0 [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 297] <... umount2 resumed>) = 0 [pid 297] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 297] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./4/file0") = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./4") = 0 [pid 297] mkdir("./5", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 419 ./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x555556fc56a0, 24) = 0 [pid 419] chdir("./5") = 0 [pid 419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 419] setpgid(0, 0) = 0 [pid 419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 402] +++ killed by SIGBUS +++ [pid 399] +++ killed by SIGBUS +++ [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=399, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 296] restart_syscall(<... resuming interrupted clone ...> [pid 419] <... openat resumed>) = 3 [pid 419] write(3, "1000", 4 [pid 296] <... restart_syscall resumed>) = 0 [pid 296] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./4/binderfs") = 0 [pid 296] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 419] <... write resumed>) = 4 [pid 419] close(3 [pid 410] <... mount resumed>) = 0 [pid 408] <... mount resumed>) = 0 [pid 419] <... close resumed>) = 0 [pid 410] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 419] symlink("/dev/binderfs", "./binderfs" [pid 410] <... openat resumed>) = 3 [pid 408] <... openat resumed>) = 3 [pid 419] <... symlink resumed>) = 0 [pid 410] chdir("./file0") = 0 [pid 410] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 410] ioctl(4, LOOP_CLR_FD) = 0 [pid 410] close(4) = 0 [pid 410] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... futex resumed>) = 1 [pid 410] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000) = 4 [pid 410] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] chdir("./file0") = 0 [pid 408] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 410] <... futex resumed>) = 1 [pid 419] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 299] <... umount2 resumed>) = 0 [pid 419] <... futex resumed>) = 0 [pid 408] ioctl(4, LOOP_CLR_FD [pid 419] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 408] <... ioctl resumed>) = 0 [pid 419] <... rt_sigaction resumed>NULL, 8) = 0 [pid 408] close(4 [pid 299] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 410] <... write resumed>) = 9 [pid 410] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 409] <... futex resumed>) = 0 [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 410] <... futex resumed>) = 1 [pid 410] creat("./bus", 000) = 5 [pid 408] <... close resumed>) = 0 [pid 419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 408] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 410] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 408] <... futex resumed>) = 1 [pid 407] <... futex resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./5/file0", [pid 419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 408] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = 0 [pid 419] <... mmap resumed>) = 0x7f5123aa9000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 419] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 408] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 407] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 419] <... mprotect resumed>) = 0 [pid 419] rt_sigprocmask(SIG_BLOCK, ~[], [pid 408] <... open resumed>) = 4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 419] <... rt_sigprocmask resumed>[], 8) = 0 [pid 419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 299] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 420 attached [pid 419] <... clone3 resumed> => {parent_tid=[420]}, 88) = 420 [pid 410] <... futex resumed>) = 1 [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 419] rt_sigprocmask(SIG_SETMASK, [], [pid 410] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 1 [pid 407] <... futex resumed>) = 0 [pid 299] newfstatat(4, "", [pid 296] newfstatat(AT_FDCWD, "./4/file0", [pid 420] set_robust_list(0x7f5123ac99a0, 24 [pid 419] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 420] <... set_robust_list resumed>) = 0 [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 410] creat("./bus", 000 [pid 409] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 299] getdents64(4, [pid 296] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 420] rt_sigprocmask(SIG_SETMASK, [], [pid 419] <... futex resumed>) = 0 [pid 410] <... creat resumed>) = 6 [pid 408] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 407] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 420] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 419] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 410] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... write resumed>) = 9 [pid 299] getdents64(4, [pid 296] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 420] memfd_create("syzkaller", 0 [pid 410] <... futex resumed>) = 1 [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 410] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 1 [pid 407] <... futex resumed>) = 0 [pid 299] close(4 [pid 296] <... openat resumed>) = 4 [pid 410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 296] newfstatat(4, "", [pid 420] <... memfd_create resumed>) = 3 [pid 410] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 409] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 299] rmdir("./5/file0" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 410] <... open resumed>) = 7 [pid 408] creat("./bus", 000 [pid 407] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... mmap resumed>) = 0x7f511b6a9000 [pid 410] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... creat resumed>) = 5 [pid 299] <... rmdir resumed>) = 0 [pid 296] getdents64(4, [pid 410] <... futex resumed>) = 1 [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(3, [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 410] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 1 [pid 407] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 296] getdents64(4, [pid 410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 410] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 409] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 410] <... mmap resumed>) = 0x20000000 [pid 408] creat("./bus", 000 [pid 407] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] rmdir("./5" [pid 296] close(4 [pid 410] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... creat resumed>) = 6 [pid 299] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 410] <... futex resumed>) = 1 [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] mkdir("./6", 0777 [pid 296] rmdir("./4/file0" [pid 410] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 1 [pid 407] <... futex resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 296] getdents64(3, [pid 410] ftruncate(6, 31 [pid 409] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 410] <... ftruncate resumed>) = 0 [pid 408] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 407] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] ioctl(3, LOOP_CLR_FD [pid 296] close(3 [pid 410] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... open resumed>) = 7 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... close resumed>) = 0 [pid 410] <... futex resumed>) = 1 [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(3 [pid 296] rmdir("./4" [pid 410] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 409] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 1 [pid 407] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 410] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] mkdir("./5", 0777 [pid 420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 409] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... write resumed>) = 1048576 [pid 409] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 409] <... futex resumed>) = 0 [pid 408] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 407] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 408] <... mmap resumed>) = 0x20000000 [pid 408] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 408] ftruncate(6, 31 [pid 407] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... ftruncate resumed>) = 0 [pid 408] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] <... futex resumed>) = 0 [pid 408] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 407] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 407] <... futex resumed>) = 0 [pid 420] munmap(0x7f511b6a9000, 138412032 [pid 410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [ 23.575224][ T406] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, [ 23.575224][ T402] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, [ 23.575245][ T406] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.583348][ T402] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.609526][ T299] EXT4-fs (loop4): unmounting filesystem. [ 23.616332][ T408] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 23.625326][ T410] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 23.639369][ T296] EXT4-fs (loop1): unmounting filesystem. [pid 420] <... munmap resumed>) = 0 [pid 420] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 420] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 421 attached [pid 409] <... mmap resumed>) = ? [pid 408] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 407] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... mkdir resumed>) = 0 [pid 421] set_robust_list(0x555556fc56a0, 24 [pid 410] +++ killed by SIGBUS +++ [pid 409] +++ killed by SIGBUS +++ [pid 407] <... futex resumed>) = ? [pid 299] <... clone resumed>, child_tidptr=0x555556fc5690) = 421 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 421] <... set_robust_list resumed>) = 0 [pid 408] +++ killed by SIGBUS +++ [pid 407] +++ killed by SIGBUS +++ [pid 296] <... openat resumed>) = 3 [pid 421] chdir("./6" [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- [pid 296] ioctl(3, LOOP_CLR_FD [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=409, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 421] <... chdir resumed>) = 0 [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW [pid 421] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 298] <... restart_syscall resumed>) = 0 [pid 296] close(3 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 421] <... prctl resumed>) = 0 [pid 420] <... ioctl resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 420] close(3) = 0 [pid 420] close(4) = 0 [pid 420] mkdir("./file0", 0777) = 0 [pid 420] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 295] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 295] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./5/binderfs") = 0 [pid 295] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 421] setpgid(0, 0 [pid 296] <... clone resumed>, child_tidptr=0x555556fc5690) = 422 ./strace-static-x86_64: Process 422 attached [pid 421] <... setpgid resumed>) = 0 [pid 298] umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW [pid 421] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 421] <... openat resumed>) = 3 [pid 298] openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 422] set_robust_list(0x555556fc56a0, 24 [pid 421] write(3, "1000", 4 [pid 298] <... openat resumed>) = 3 [pid 422] <... set_robust_list resumed>) = 0 [pid 421] <... write resumed>) = 4 [pid 298] newfstatat(3, "", [pid 422] chdir("./5" [pid 421] close(3 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 422] <... chdir resumed>) = 0 [pid 421] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 422] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 421] symlink("/dev/binderfs", "./binderfs" [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 422] <... prctl resumed>) = 0 [pid 421] <... symlink resumed>) = 0 [pid 298] umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 422] setpgid(0, 0 [pid 421] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 422] <... setpgid resumed>) = 0 [pid 421] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./4/binderfs", [pid 422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 421] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 422] <... openat resumed>) = 3 [pid 421] <... rt_sigaction resumed>NULL, 8) = 0 [pid 298] unlink("./4/binderfs" [pid 422] write(3, "1000", 4 [pid 421] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] <... unlink resumed>) = 0 [pid 422] <... write resumed>) = 4 [pid 421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 422] close(3 [pid 421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 422] <... close resumed>) = 0 [pid 421] <... mmap resumed>) = 0x7f5123aa9000 [pid 422] symlink("/dev/binderfs", "./binderfs" [pid 421] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 422] <... symlink resumed>) = 0 [pid 421] <... mprotect resumed>) = 0 [pid 422] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [ 23.680222][ T410] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.689741][ T408] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.696134][ T420] loop2: detected capacity change from 0 to 2048 [ 23.720231][ T295] EXT4-fs (loop0): unmounting filesystem. [pid 421] rt_sigprocmask(SIG_BLOCK, ~[], [pid 422] <... futex resumed>) = 0 [pid 421] <... rt_sigprocmask resumed>[], 8) = 0 [pid 422] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 421] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 422] <... rt_sigaction resumed>NULL, 8) = 0 [pid 422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 421] <... clone3 resumed> => {parent_tid=[423]}, 88) = 423 [pid 422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 421] rt_sigprocmask(SIG_SETMASK, [], [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 421] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 422] <... mmap resumed>) = 0x7f5123aa9000 [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 421] <... futex resumed>) = 0 [pid 422] <... mprotect resumed>) = 0 [pid 421] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[424]}, 88) = 424 [pid 422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 423 attached [pid 423] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 423] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 423] memfd_create("syzkaller", 0) = 3 [pid 423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 295] <... umount2 resumed>) = 0 [pid 295] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./5/file0") = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./5") = 0 [pid 295] mkdir("./6", 0777) = 0 [pid 423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... umount2 resumed>) = 0 [pid 423] <... write resumed>) = 1048576 [pid 423] munmap(0x7f511b6a9000, 138412032) = 0 [pid 423] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 424 attached [pid 420] <... mount resumed>) = 0 [pid 298] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 424] set_robust_list(0x7f5123ac99a0, 24 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 3 [pid 424] <... set_robust_list resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./4/file0", [pid 295] ioctl(3, LOOP_CLR_FD [pid 424] rt_sigprocmask(SIG_SETMASK, [], [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 298] umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] close(3 [pid 424] memfd_create("syzkaller", 0 [pid 423] <... ioctl resumed>) = 0 [pid 420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... close resumed>) = 0 [pid 423] close(3) = 0 [pid 423] close(4 [pid 420] <... openat resumed>) = 3 [pid 423] <... close resumed>) = 0 [pid 420] chdir("./file0" [pid 423] mkdir("./file0", 0777 [pid 420] <... chdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 424] <... memfd_create resumed>) = 3 [pid 420] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 298] <... openat resumed>) = 4 [pid 420] ioctl(4, LOOP_CLR_FD [pid 424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 298] newfstatat(4, "", [pid 295] <... clone resumed>, child_tidptr=0x555556fc5690) = 427 [pid 420] <... ioctl resumed>) = 0 [pid 420] close(4) = 0 [pid 420] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 424] <... mmap resumed>) = 0x7f511b6a9000 [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(4, [pid 419] <... futex resumed>) = 0 [pid 419] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 1 [pid 420] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 423] <... mkdir resumed>) = 0 [pid 423] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x555556fc56a0, 24) = 0 [pid 427] chdir("./6") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 427] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 298] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./4/file0" [pid 427] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./4") = 0 [pid 298] mkdir("./5", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 428 ./strace-static-x86_64: Process 428 attached [pid 427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 424] <... write resumed>) = 1048576 [pid 420] <... open resumed>) = 4 [pid 420] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] <... futex resumed>) = 0 [pid 420] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] <... write resumed>) = 9 [pid 419] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] set_robust_list(0x555556fc56a0, 24 [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... set_robust_list resumed>) = 0 [pid 420] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = 1 [pid 420] creat("./bus", 000 [pid 419] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 420] <... creat resumed>) = 5 [pid 420] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 419] <... futex resumed>) = 0 [pid 420] creat("./bus", 000 [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] <... mmap resumed>) = 0x7f5123aa9000 [pid 420] <... creat resumed>) = 6 [pid 419] <... futex resumed>) = 0 [pid 427] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 424] munmap(0x7f511b6a9000, 138412032 [pid 420] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] <... mprotect resumed>) = 0 [pid 424] <... munmap resumed>) = 0 [pid 420] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] rt_sigprocmask(SIG_BLOCK, ~[], [pid 424] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 420] <... open resumed>) = 7 [pid 419] <... futex resumed>) = 0 [pid 420] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] <... rt_sigprocmask resumed>[], 8) = 0 [pid 424] <... openat resumed>) = 4 [pid 420] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 420] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 424] ioctl(4, LOOP_SET_FD, 3 [pid 420] <... mmap resumed>) = 0x20000000 [pid 419] <... futex resumed>) = 0 [pid 420] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [ 23.734652][ T298] EXT4-fs (loop3): unmounting filesystem. [ 23.756124][ T420] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 23.759946][ T423] loop4: detected capacity change from 0 to 2048 [pid 419] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 427] <... clone3 resumed> => {parent_tid=[430]}, 88) = 430 [pid 420] ftruncate(6, 31 [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... ftruncate resumed>) = 0 [pid 419] <... futex resumed>) = 0 [pid 420] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 420] <... futex resumed>) = 0 [pid 419] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 430 attached [pid 428] chdir("./5" [pid 427] rt_sigprocmask(SIG_SETMASK, [], [pid 424] <... ioctl resumed>) = 0 [pid 419] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... chdir resumed>) = 0 [pid 427] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 424] close(3 [pid 428] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... prctl resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 424] <... close resumed>) = 0 [pid 428] setpgid(0, 0 [pid 427] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 428] <... setpgid resumed>) = 0 [pid 424] close(4 [pid 428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 424] <... close resumed>) = 0 [pid 428] write(3, "1000", 4) = 4 [pid 424] mkdir("./file0", 0777 [pid 428] close(3) = 0 [pid 424] <... mkdir resumed>) = 0 [pid 428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 424] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 428] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 428] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 428] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] rt_sigprocmask(SIG_BLOCK, ~[], [pid 430] set_robust_list(0x7f5123ac99a0, 24 [pid 428] <... rt_sigprocmask resumed>[], 8) = 0 [pid 430] <... set_robust_list resumed>) = 0 [pid 428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 428] <... clone3 resumed> => {parent_tid=[431]}, 88) = 431 [pid 430] memfd_create("syzkaller", 0 [pid 428] rt_sigprocmask(SIG_SETMASK, [], [pid 430] <... memfd_create resumed>) = 3 [pid 428] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... mmap resumed>) = 0x7f511b6a9000 [pid 428] <... futex resumed>) = 0 ./strace-static-x86_64: Process 431 attached [pid 430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 428] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 420] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 419] <... futex resumed>) = -1 (errno 18446744073709551414) [pid 431] set_robust_list(0x7f5123ac99a0, 24 [pid 430] <... write resumed>) = 1048576 [pid 431] <... set_robust_list resumed>) = 0 [pid 430] munmap(0x7f511b6a9000, 138412032 [pid 420] +++ killed by SIGBUS +++ [pid 419] +++ killed by SIGBUS +++ [pid 431] rt_sigprocmask(SIG_SETMASK, [], [pid 430] <... munmap resumed>) = 0 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=419, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 431] memfd_create("syzkaller", 0 [pid 430] <... openat resumed>) = 4 [pid 431] <... memfd_create resumed>) = 3 [ 23.794138][ T424] loop1: detected capacity change from 0 to 2048 [ 23.795085][ T420] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.819620][ T423] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 23.825962][ T430] loop0: detected capacity change from 0 to 2048 [pid 430] ioctl(4, LOOP_SET_FD, 3 [pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 423] <... mount resumed>) = 0 [pid 423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 423] chdir("./file0") = 0 [pid 423] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 423] ioctl(4, LOOP_CLR_FD) = 0 [pid 423] close(4) = 0 [pid 423] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 297] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./5/binderfs") = 0 [pid 297] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 431] <... mmap resumed>) = 0x7f511b6a9000 [pid 430] <... ioctl resumed>) = 0 [pid 421] <... futex resumed>) = 0 [pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 430] close(3 [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... write resumed>) = 1048576 [pid 430] <... close resumed>) = 0 [pid 424] <... mount resumed>) = 0 [pid 421] <... futex resumed>) = 1 [pid 431] munmap(0x7f511b6a9000, 138412032 [pid 430] close(4 [pid 423] <... futex resumed>) = 0 [pid 421] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 423] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 424] chdir("./file0") = 0 [pid 424] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 297] <... umount2 resumed>) = 0 [pid 424] ioctl(4, LOOP_CLR_FD) = 0 [pid 424] close(4) = 0 [pid 424] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 431] <... munmap resumed>) = 0 [pid 431] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 431] ioctl(4, LOOP_SET_FD, 3 [pid 430] <... close resumed>) = 0 [pid 423] <... open resumed>) = 4 [pid 422] <... futex resumed>) = 0 [pid 297] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 430] mkdir("./file0", 0777 [pid 423] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 430] <... mkdir resumed>) = 0 [pid 424] <... futex resumed>) = 0 [pid 423] <... futex resumed>) = 1 [pid 422] <... futex resumed>) = 1 [pid 421] <... futex resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./5/file0", [pid 430] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 424] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 423] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 424] <... open resumed>) = 4 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 421] <... futex resumed>) = 0 [pid 297] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 431] <... ioctl resumed>) = 0 [pid 424] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 421] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 431] close(3 [pid 424] <... futex resumed>) = 1 [pid 423] <... write resumed>) = 9 [pid 422] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 431] <... close resumed>) = 0 [pid 424] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 423] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 4 [pid 431] close(4 [pid 422] <... futex resumed>) = 0 [pid 297] newfstatat(4, "", [pid 431] <... close resumed>) = 0 [pid 422] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] mkdir("./file0", 0777 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 431] <... mkdir resumed>) = 0 [pid 424] <... write resumed>) = 9 [pid 423] <... futex resumed>) = 1 [pid 421] <... futex resumed>) = 0 [pid 431] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, [pid 424] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] creat("./bus", 000 [pid 421] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 422] <... futex resumed>) = 0 [pid 421] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... futex resumed>) = 1 [pid 297] getdents64(4, [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 424] creat("./bus", 000 [pid 422] <... futex resumed>) = 0 [pid 423] <... creat resumed>) = 5 [pid 297] close(4 [pid 422] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... close resumed>) = 0 [pid 424] <... creat resumed>) = 5 [pid 423] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] rmdir("./5/file0" [pid 424] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] <... futex resumed>) = 1 [pid 423] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] <... rmdir resumed>) = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./5") = 0 [pid 297] mkdir("./6", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 437 [pid 422] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 0 [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 1 [pid 424] <... futex resumed>) = 0 [pid 422] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 424] creat("./bus", 000 [pid 421] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] <... creat resumed>) = 6 [pid 423] <... futex resumed>) = 0 [pid 423] creat("./bus", 000 [pid 424] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... creat resumed>) = 6 [pid 424] <... futex resumed>) = 1 [pid 423] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 424] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] <... futex resumed>) = 1 [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 423] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] <... futex resumed>) = 0 [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 424] <... open resumed>) = 7 [pid 423] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 421] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 424] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... open resumed>) = 7 [pid 424] <... futex resumed>) = 1 [pid 423] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 ./strace-static-x86_64: Process 437 attached [pid 424] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] <... futex resumed>) = 1 [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 437] set_robust_list(0x555556fc56a0, 24 [pid 430] <... mount resumed>) = 0 [pid 424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 423] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] <... futex resumed>) = 0 [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... set_robust_list resumed>) = 0 [pid 430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 424] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 424] <... mmap resumed>) = 0x20000000 [pid 423] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 421] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 437] chdir("./6" [pid 430] <... openat resumed>) = 3 [pid 424] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] <... mmap resumed>) = 0x20000000 [pid 424] <... futex resumed>) = 1 [pid 423] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 422] <... futex resumed>) = 0 [pid 424] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] <... futex resumed>) = 1 [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 423] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] <... futex resumed>) = 0 [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 424] ftruncate(6, 31 [pid 423] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 437] <... chdir resumed>) = 0 [pid 430] chdir("./file0" [pid 424] <... ftruncate resumed>) = 0 [pid 423] ftruncate(6, 31 [pid 421] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [ 23.839893][ T297] EXT4-fs (loop2): unmounting filesystem. [ 23.840492][ T424] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 23.859330][ T431] loop3: detected capacity change from 0 to 2048 [ 23.875722][ T430] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [pid 437] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 430] <... chdir resumed>) = 0 [pid 424] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... prctl resumed>) = 0 [pid 430] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 424] <... futex resumed>) = 1 [pid 422] <... futex resumed>) = 0 [pid 437] setpgid(0, 0 [pid 430] <... openat resumed>) = 4 [pid 424] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... setpgid resumed>) = 0 [pid 430] ioctl(4, LOOP_CLR_FD [pid 424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 422] <... futex resumed>) = 0 [pid 437] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 431] <... mount resumed>) = 0 [pid 430] <... ioctl resumed>) = 0 [pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 431] chdir("./file0") = 0 [pid 431] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 431] ioctl(4, LOOP_CLR_FD) = 0 [pid 431] close(4) = 0 [pid 431] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 431] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 423] <... ftruncate resumed>) = 0 [pid 423] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 423] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 422] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 437] <... openat resumed>) = 3 [pid 437] write(3, "1000", 4) = 4 [pid 437] close(3) = 0 [pid 437] symlink("/dev/binderfs", "./binderfs") = 0 [pid 437] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 437] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 437] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 437] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 437] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 437] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[440]}, 88) = 440 [pid 437] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 437] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 430] close(4) = 0 [pid 430] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 430] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 421] <... futex resumed>) = 0 ./strace-static-x86_64: Process 440 attached [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] set_robust_list(0x7f5123ac99a0, 24 [pid 431] <... futex resumed>) = 0 [pid 430] <... futex resumed>) = 0 [pid 428] <... futex resumed>) = 1 [pid 427] <... futex resumed>) = 1 [pid 424] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 423] <... futex resumed>) = 0 [pid 422] <... mmap resumed>) = 0x7f5123a88000 [pid 421] <... futex resumed>) = 1 [pid 440] <... set_robust_list resumed>) = 0 [pid 431] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 430] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 428] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] rt_sigprocmask(SIG_SETMASK, [], [pid 431] <... open resumed>) = 4 [pid 430] <... open resumed>) = 4 [pid 424] +++ killed by SIGBUS +++ [pid 422] +++ killed by SIGBUS +++ [pid 421] <... futex resumed>) = 0 [pid 440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 431] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 440] memfd_create("syzkaller", 0 [pid 431] <... futex resumed>) = 1 [pid 430] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 440] <... memfd_create resumed>) = 3 [pid 431] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 440] <... mmap resumed>) = 0x7f511b6a9000 [pid 431] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 430] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 428] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 431] <... write resumed>) = 9 [pid 430] <... write resumed>) = 9 [pid 440] <... write resumed>) = 1048576 [pid 431] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=422, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 440] munmap(0x7f511b6a9000, 138412032 [pid 431] <... futex resumed>) = 1 [pid 430] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 440] <... munmap resumed>) = 0 [pid 431] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 440] <... openat resumed>) = 4 [pid 431] creat("./bus", 000 [pid 430] creat("./bus", 000 [pid 428] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] ioctl(4, LOOP_SET_FD, 3 [pid 431] <... creat resumed>) = 5 [pid 430] <... creat resumed>) = 5 [pid 431] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 423] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 421] <... mmap resumed>) = ? [pid 423] +++ killed by SIGBUS +++ [pid 421] +++ killed by SIGBUS +++ [pid 430] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 430] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=421, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 299] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 299] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./6/binderfs") = 0 [pid 299] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 440] <... ioctl resumed>) = 0 [pid 431] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 296] newfstatat(AT_FDCWD, "./5/binderfs", [pid 440] close(3 [pid 431] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [ 23.895034][ T431] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 23.896697][ T424] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.923103][ T423] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.934722][ T440] loop2: detected capacity change from 0 to 2048 [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... close resumed>) = 0 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = 0 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 1 [pid 440] close(4 [pid 431] creat("./bus", 000 [pid 430] creat("./bus", 000 [pid 428] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... close resumed>) = 0 [pid 431] <... creat resumed>) = 6 [pid 430] <... creat resumed>) = 6 [pid 440] mkdir("./file0", 0777 [pid 431] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... mkdir resumed>) = 0 [pid 431] <... futex resumed>) = 1 [pid 430] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 440] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 431] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 431] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 430] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 428] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... umount2 resumed>) = 0 [pid 431] <... open resumed>) = 7 [pid 430] <... open resumed>) = 7 [pid 431] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = 1 [pid 430] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 431] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 431] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 430] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 428] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... mmap resumed>) = 0x20000000 [pid 430] <... mmap resumed>) = 0x20000000 [pid 431] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = 1 [pid 430] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 431] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 431] ftruncate(6, 31 [pid 430] ftruncate(6, 31 [pid 428] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 427] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... ftruncate resumed>) = 0 [pid 430] <... ftruncate resumed>) = 0 [pid 431] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = 1 [pid 430] <... futex resumed>) = 1 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 431] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 430] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 428] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 299] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] unlink("./5/binderfs" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... unlink resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./6/file0", [pid 296] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./6/file0") = 0 [pid 299] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./6") = 0 [pid 299] mkdir("./7", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x555556fc56a0, 24) = 0 [pid 441] chdir("./7") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs" [pid 428] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 427] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 428] <... futex resumed>) = 0 [pid 427] <... futex resumed>) = 0 [pid 428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 441] <... symlink resumed>) = 0 [pid 441] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 441] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[443]}, 88) = 443 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 428] <... mmap resumed>) = 0x7f5123a88000 [pid 431] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- ./strace-static-x86_64: Process 443 attached [pid 443] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 443] memfd_create("syzkaller", 0) = 3 [pid 443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 431] +++ killed by SIGBUS +++ [pid 428] +++ killed by SIGBUS +++ [pid 430] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 427] <... mmap resumed>) = 0x7f5123a88000 [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=428, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 298] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 298] umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 298] umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./5/binderfs") = 0 [ 23.944851][ T299] EXT4-fs (loop4): unmounting filesystem. [ 23.958067][ T431] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.972917][ T430] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 23.973421][ T296] EXT4-fs (loop1): unmounting filesystem. [pid 298] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 430] +++ killed by SIGBUS +++ [pid 427] +++ killed by SIGBUS +++ [pid 443] <... write resumed>) = 1048576 [pid 443] munmap(0x7f511b6a9000, 138412032) = 0 [pid 443] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=427, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 295] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 295] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] <... umount2 resumed>) = 0 [pid 443] <... openat resumed>) = 4 [pid 443] ioctl(4, LOOP_SET_FD, 3 [pid 295] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] unlink("./6/binderfs") = 0 [pid 295] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, [pid 295] <... umount2 resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 296] close(4 [pid 295] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] <... close resumed>) = 0 [pid 296] rmdir("./5/file0" [pid 295] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... umount2 resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... rmdir resumed>) = 0 [pid 296] getdents64(3, [pid 298] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... openat resumed>) = 4 [pid 298] newfstatat(AT_FDCWD, "./5/file0", [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] getdents64(4, [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] getdents64(4, [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] close(4 [pid 298] <... openat resumed>) = 4 [pid 295] <... close resumed>) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./5" [pid 298] newfstatat(4, "", [pid 295] rmdir("./6/file0" [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 295] getdents64(3, [pid 298] getdents64(4, [pid 295] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 298] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] close(3 [pid 298] getdents64(4, [pid 295] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] rmdir("./6" [pid 298] close(4 [pid 295] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 295] mkdir("./7", 0777 [pid 298] rmdir("./5/file0" [pid 296] <... rmdir resumed>) = 0 [pid 295] <... mkdir resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 298] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] <... openat resumed>) = 3 [pid 298] close(3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 298] <... close resumed>) = 0 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] rmdir("./5" [pid 443] <... ioctl resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 296] mkdir("./6", 0777 [pid 295] close(3 [pid 443] close(3 [pid 440] <... mount resumed>) = 0 [pid 298] mkdir("./6", 0777 [pid 295] <... close resumed>) = 0 [pid 440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 440] chdir("./file0") = 0 [pid 440] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 440] ioctl(4, LOOP_CLR_FD) = 0 [pid 440] close(4) = 0 [pid 440] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 437] <... futex resumed>) = 0 [pid 440] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] <... futex resumed>) = 0 [pid 440] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 437] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... open resumed>) = 4 [pid 440] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 437] <... futex resumed>) = 0 [pid 440] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] <... futex resumed>) = 0 [pid 440] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 437] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... write resumed>) = 9 [pid 440] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 437] <... futex resumed>) = 0 [pid 440] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] <... futex resumed>) = 0 [pid 440] creat("./bus", 000 [pid 437] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... creat resumed>) = 5 [pid 440] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 437] <... futex resumed>) = 0 [pid 440] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] <... futex resumed>) = 0 [pid 440] creat("./bus", 000 [pid 437] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] <... creat resumed>) = 6 [pid 440] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... close resumed>) = 0 [pid 440] <... futex resumed>) = 1 [pid 437] <... futex resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 446 [pid 443] close(4) = 0 [pid 443] mkdir("./file0", 0777 [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 437] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 295] <... clone resumed>, child_tidptr=0x555556fc5690) = 447 [pid 443] <... mkdir resumed>) = 0 [pid 443] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue"./strace-static-x86_64: Process 447 attached ./strace-static-x86_64: Process 446 attached [pid 440] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 296] <... mkdir resumed>) = 0 [pid 447] set_robust_list(0x555556fc56a0, 24 [pid 446] set_robust_list(0x555556fc56a0, 24 [pid 440] <... open resumed>) = 7 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 447] <... set_robust_list resumed>) = 0 [pid 446] <... set_robust_list resumed>) = 0 [pid 440] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 447] chdir("./7" [pid 446] chdir("./6" [pid 440] <... futex resumed>) = 1 [pid 437] <... futex resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 447] <... chdir resumed>) = 0 [pid 446] <... chdir resumed>) = 0 [pid 440] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] <... futex resumed>) = 0 [pid 296] close(3 [pid 447] <... prctl resumed>) = 0 [pid 446] <... prctl resumed>) = 0 [pid 440] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 437] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... close resumed>) = 0 [pid 447] setpgid(0, 0 [pid 446] setpgid(0, 0 [pid 440] <... mmap resumed>) = 0x20000000 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 447] <... setpgid resumed>) = 0 [pid 446] <... setpgid resumed>) = 0 [pid 440] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 440] <... futex resumed>) = 1 [pid 437] <... futex resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556fc5690) = 448 [pid 447] <... openat resumed>) = 3 [pid 446] <... openat resumed>) = 3 [pid 440] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] write(3, "1000", 4 [pid 446] write(3, "1000", 4 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] <... futex resumed>) = 0 [pid 447] <... write resumed>) = 4 [pid 446] <... write resumed>) = 4 [pid 440] ftruncate(6, 31 [pid 437] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] close(3 [pid 446] close(3 [pid 440] <... ftruncate resumed>) = 0 [pid 447] <... close resumed>) = 0 [pid 446] <... close resumed>) = 0 [pid 440] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] symlink("/dev/binderfs", "./binderfs" [pid 446] symlink("/dev/binderfs", "./binderfs" [pid 440] <... futex resumed>) = 1 [pid 437] <... futex resumed>) = 0 ./strace-static-x86_64: Process 448 attached [pid 447] <... symlink resumed>) = 0 [pid 448] set_robust_list(0x555556fc56a0, 24) = 0 [pid 448] chdir("./6") = 0 [pid 448] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 448] setpgid(0, 0) = 0 [pid 448] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 448] write(3, "1000", 4 [pid 440] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 437] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... write resumed>) = 4 [pid 448] close(3 [pid 440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] <... futex resumed>) = 0 [pid 448] <... close resumed>) = 0 [pid 448] symlink("/dev/binderfs", "./binderfs") = 0 [pid 448] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.002646][ T298] EXT4-fs (loop3): unmounting filesystem. [ 24.014300][ T443] loop4: detected capacity change from 0 to 2048 [pid 448] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 448] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 448] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 448] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 448] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 448] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[451]}, 88) = 451 [pid 448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 448] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 446] <... symlink resumed>) = 0 [pid 446] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 446] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 446] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 446] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[452]}, 88) = 452 [pid 446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 452] memfd_create("syzkaller", 0) = 3 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 437] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 437] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 443] <... mount resumed>) = 0 [pid 443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 443] chdir("./file0") = 0 [pid 443] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 443] ioctl(4, LOOP_CLR_FD) = 0 [pid 443] close(4) = 0 [pid 443] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 1 [pid 441] <... futex resumed>) = 0 [pid 447] <... futex resumed>) = 0 [pid 447] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 443] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... rt_sigaction resumed>NULL, 8) = 0 [pid 443] <... open resumed>) = 4 [pid 441] <... futex resumed>) = 0 [pid 447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 443] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 443] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 447] <... mmap resumed>) = 0x7f5123aa9000 [pid 447] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... futex resumed>) = 0 [pid 441] <... futex resumed>) = 1 [pid 447] rt_sigprocmask(SIG_BLOCK, ~[], [pid 443] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 441] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... rt_sigprocmask resumed>[], 8) = 0 [pid 443] <... write resumed>) = 9 [pid 447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 443] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] munmap(0x7f511b6a9000, 138412032 [pid 443] <... futex resumed>) = 1 [pid 441] <... futex resumed>) = 0 ./strace-static-x86_64: Process 453 attached ./strace-static-x86_64: Process 451 attached [pid 443] creat("./bus", 000 [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... clone3 resumed> => {parent_tid=[453]}, 88) = 453 [pid 453] set_robust_list(0x7f5123ac99a0, 24 [pid 443] <... creat resumed>) = 5 [pid 441] <... futex resumed>) = 0 [pid 437] <... mmap resumed>) = 0x7f5123a88000 [pid 447] rt_sigprocmask(SIG_SETMASK, [], [pid 453] <... set_robust_list resumed>) = 0 [pid 451] set_robust_list(0x7f5123ac99a0, 24 [pid 443] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 453] rt_sigprocmask(SIG_SETMASK, [], [pid 451] <... set_robust_list resumed>) = 0 [pid 447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 443] <... futex resumed>) = 0 [pid 441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 437] ????( [pid 453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 451] rt_sigprocmask(SIG_SETMASK, [], [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 437] <... ???? resumed>) = ? [pid 453] memfd_create("syzkaller", 0 [pid 452] <... munmap resumed>) = 0 [pid 451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 447] <... futex resumed>) = 0 [pid 443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 441] <... futex resumed>) = 0 [pid 453] <... memfd_create resumed>) = 3 [pid 452] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 451] memfd_create("syzkaller", 0 [pid 447] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 443] creat("./bus", 000 [pid 441] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 451] <... memfd_create resumed>) = 3 [pid 443] <... creat resumed>) = 6 [pid 452] <... openat resumed>) = 4 [pid 453] <... mmap resumed>) = 0x7f511b6a9000 [pid 452] ioctl(4, LOOP_SET_FD, 3 [pid 451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 443] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 440] +++ killed by SIGBUS +++ [pid 437] +++ killed by SIGBUS +++ [pid 453] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 451] <... mmap resumed>) = 0x7f511b6a9000 [pid 443] <... futex resumed>) = 1 [pid 441] <... futex resumed>) = 0 [pid 452] <... ioctl resumed>) = 0 [pid 451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 443] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=437, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 443] <... open resumed>) = 7 [pid 441] <... futex resumed>) = 0 [pid 297] restart_syscall(<... resuming interrupted clone ...> [pid 443] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... restart_syscall resumed>) = 0 [pid 443] <... futex resumed>) = 0 [pid 441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 443] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 443] <... mmap resumed>) = 0x20000000 [pid 441] <... futex resumed>) = 0 [pid 297] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 443] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 443] <... futex resumed>) = 0 [pid 441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 443] ftruncate(6, 31 [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 3 [pid 443] <... ftruncate resumed>) = 0 [pid 441] <... futex resumed>) = 0 [pid 297] newfstatat(3, "", [pid 443] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 443] <... futex resumed>) = 0 [pid 441] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] getdents64(3, [pid 443] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 443] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 441] <... futex resumed>) = 0 [pid 297] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 453] <... write resumed>) = 1048576 [pid 452] close(3 [pid 451] <... write resumed>) = 1048576 [pid 452] <... close resumed>) = 0 [pid 452] close(4) = 0 [pid 452] mkdir("./file0", 0777) = 0 [pid 453] munmap(0x7f511b6a9000, 138412032) = 0 [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 24.058395][ T440] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.082595][ T452] loop3: detected capacity change from 0 to 2048 [ 24.093285][ T443] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 453] ioctl(4, LOOP_SET_FD, 3 [pid 441] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 441] <... futex resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./6/binderfs", [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./6/binderfs") = 0 [pid 297] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 453] <... ioctl resumed>) = 0 [pid 453] close(3) = 0 [pid 453] close(4) = 0 [pid 453] mkdir("./file0", 0777) = 0 [pid 453] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 441] <... mmap resumed>) = 0x7f5123a88000 [pid 441] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123aa8990, parent_tid=0x7f5123aa8990, exit_signal=0, stack=0x7f5123a88000, stack_size=0x20300, tls=0x7f5123aa86c0} => {parent_tid=[454]}, 88) = 454 [pid 441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 441] futex(0x7f5123b95718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f5123b9571c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 443] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 441] <... futex resumed>) = ? [pid 443] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 454 attached [pid 297] <... umount2 resumed>) = 0 [pid 454] +++ killed by SIGBUS +++ [pid 441] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 299] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 299] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, [pid 452] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 299] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 299] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./7/binderfs") = 0 [pid 299] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 451] munmap(0x7f511b6a9000, 138412032) = 0 [pid 451] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 451] ioctl(4, LOOP_SET_FD, 3 [pid 297] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 451] <... ioctl resumed>) = 0 [pid 451] close(3) = 0 [pid 451] close(4) = 0 [pid 451] mkdir("./file0", 0777) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 451] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 453] <... mount resumed>) = 0 [pid 453] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 453] chdir("./file0") = 0 [pid 299] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 453] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 452] <... mount resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 453] <... openat resumed>) = 4 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./6/file0", [pid 453] ioctl(4, LOOP_CLR_FD [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] newfstatat(AT_FDCWD, "./7/file0", [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 453] <... ioctl resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 453] close(4 [pid 297] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 453] <... close resumed>) = 0 [pid 299] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 453] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./6/file0") = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] close(3) = 0 [pid 297] rmdir("./6") = 0 [pid 297] mkdir("./7", 0777) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 3 [pid 297] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 297] close(3) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 459 [pid 453] <... futex resumed>) = 1 [pid 447] <... futex resumed>) = 0 [pid 453] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 447] <... futex resumed>) = 0 [pid 453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 447] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 453] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 452] <... openat resumed>) = 3 [pid 299] <... openat resumed>) = 4 [pid 452] chdir("./file0" [pid 299] newfstatat(4, "", [pid 452] <... chdir resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] getdents64(4, ./strace-static-x86_64: Process 459 attached [pid 453] <... open resumed>) = 4 [pid 452] <... openat resumed>) = 4 [pid 299] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 452] ioctl(4, LOOP_CLR_FD [pid 299] getdents64(4, [pid 452] <... ioctl resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 452] close(4 [pid 299] close(4 [pid 452] <... close resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 452] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] rmdir("./7/file0" [pid 459] set_robust_list(0x555556fc56a0, 24 [pid 453] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 452] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 299] getdents64(3, [pid 446] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./7" [pid 459] <... set_robust_list resumed>) = 0 [pid 453] <... futex resumed>) = 1 [pid 447] <... futex resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 453] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 452] <... open resumed>) = 4 [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] mkdir("./8", 0777 [pid 459] chdir("./7" [pid 453] <... write resumed>) = 9 [pid 452] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 299] <... mkdir resumed>) = 0 [pid 452] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 452] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 3 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 299] ioctl(3, LOOP_CLR_FD [pid 452] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 446] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 459] <... chdir resumed>) = 0 [pid 453] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... write resumed>) = 9 [pid 447] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] close(3 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 453] <... futex resumed>) = 0 [pid 452] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 452] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 459] <... prctl resumed>) = 0 [pid 453] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 299] <... clone resumed>, child_tidptr=0x555556fc5690) = 461 [pid 452] creat("./bus", 000 [pid 446] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 461 attached [pid 459] setpgid(0, 0 [pid 452] <... creat resumed>) = 5 [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... setpgid resumed>) = 0 [pid 453] <... futex resumed>) = 0 [pid 452] <... futex resumed>) = 1 [pid 447] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = 0 [pid 452] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 452] creat("./bus", 000 [pid 446] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... creat resumed>) = 6 [pid 452] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 446] <... futex resumed>) = 0 [pid 452] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 453] creat("./bus", 000 [pid 452] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 447] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 446] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] set_robust_list(0x555556fc56a0, 24 [pid 453] <... creat resumed>) = 5 [pid 452] <... open resumed>) = 7 [pid 461] <... set_robust_list resumed>) = 0 [pid 459] <... openat resumed>) = 3 [pid 453] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] chdir("./8" [pid 459] write(3, "1000", 4 [pid 453] <... futex resumed>) = 1 [pid 452] <... futex resumed>) = 1 [pid 447] <... futex resumed>) = 0 [pid 446] <... futex resumed>) = 0 [pid 452] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 461] <... chdir resumed>) = 0 [pid 459] <... write resumed>) = 4 [pid 453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 452] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 447] <... futex resumed>) = 0 [pid 446] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 459] close(3 [pid 453] creat("./bus", 000 [pid 452] <... mmap resumed>) = 0x20000000 [pid 452] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... close resumed>) = 0 [pid 453] <... creat resumed>) = 6 [pid 452] <... futex resumed>) = 1 [pid 446] <... futex resumed>) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs" [pid 453] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 453] <... futex resumed>) = 1 [pid 452] ftruncate(6, 31 [pid 447] <... futex resumed>) = 0 [pid 446] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 459] <... symlink resumed>) = 0 [pid 453] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 452] <... ftruncate resumed>) = 0 [pid 452] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 24.099152][ T453] loop0: detected capacity change from 0 to 2048 [ 24.125397][ T451] loop1: detected capacity change from 0 to 2048 [pid 446] <... futex resumed>) = 0 [pid 452] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 446] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 446] <... futex resumed>) = 0 [pid 461] <... prctl resumed>) = 0 [pid 459] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 453] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] setpgid(0, 0 [pid 459] <... futex resumed>) = 0 [pid 453] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 447] <... futex resumed>) = 0 [pid 461] <... setpgid resumed>) = 0 [pid 459] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 453] <... open resumed>) = 7 [pid 447] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 459] <... rt_sigaction resumed>NULL, 8) = 0 [pid 453] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 461] <... openat resumed>) = 3 [pid 459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 453] <... futex resumed>) = 0 [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] write(3, "1000", 4 [pid 459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 453] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 447] <... futex resumed>) = 0 [pid 461] <... write resumed>) = 4 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 453] <... mmap resumed>) = 0x20000000 [pid 447] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] close(3 [pid 459] <... mmap resumed>) = 0x7f5123aa9000 [pid 453] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 461] <... close resumed>) = 0 [pid 459] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 453] <... futex resumed>) = 0 [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] symlink("/dev/binderfs", "./binderfs" [pid 459] <... mprotect resumed>) = 0 [pid 453] ftruncate(6, 31 [pid 447] <... futex resumed>) = 0 [pid 461] <... symlink resumed>) = 0 [pid 459] rt_sigprocmask(SIG_BLOCK, ~[], [pid 453] <... ftruncate resumed>) = 0 [pid 447] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... rt_sigprocmask resumed>[], 8) = 0 [pid 453] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 461] <... futex resumed>) = 0 [pid 459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 453] <... futex resumed>) = 0 [pid 447] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 451] <... mount resumed>) = 0 [pid 446] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 446] <... futex resumed>) = 0 [pid 451] <... openat resumed>) = 3 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 451] chdir("./file0") = 0 [pid 451] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 451] ioctl(4, LOOP_CLR_FD) = 0 [pid 451] close(4) = 0 [pid 451] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 451] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 451] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 448] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 451] <... open resumed>) = 4 [pid 451] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 451] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 451] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 448] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 451] <... write resumed>) = 9 [pid 451] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 451] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 451] creat("./bus", 000 [pid 448] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 451] <... creat resumed>) = 5 [pid 447] <... futex resumed>) = 0 [pid 451] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 451] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 451] creat("./bus", 000 [pid 448] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 461] <... rt_sigaction resumed>NULL, 8) = 0 [pid 451] <... creat resumed>) = 6 [pid 451] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 448] <... futex resumed>) = 0 [pid 451] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 461] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 451] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 448] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 0 [pid 461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 459] <... clone3 resumed> => {parent_tid=[463]}, 88) = 463 [pid 451] <... open resumed>) = 7 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 451] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] rt_sigprocmask(SIG_SETMASK, [], [pid 461] <... mmap resumed>) = 0x7f5123aa9000 [pid 459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 451] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 461] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 461] <... mprotect resumed>) = 0 [pid 459] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 451] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 448] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 463 attached [pid 461] rt_sigprocmask(SIG_BLOCK, ~[], [pid 451] <... mmap resumed>) = 0x20000000 [pid 463] set_robust_list(0x7f5123ac99a0, 24 [pid 451] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... set_robust_list resumed>) = 0 [pid 461] <... rt_sigprocmask resumed>[], 8) = 0 [pid 451] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 463] rt_sigprocmask(SIG_SETMASK, [], [pid 461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 451] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 463] memfd_create("syzkaller", 0 [pid 451] ftruncate(6, 31 [pid 448] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 464 attached [pid 463] <... memfd_create resumed>) = 3 [pid 461] <... clone3 resumed> => {parent_tid=[464]}, 88) = 464 [pid 451] <... ftruncate resumed>) = 0 [pid 463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 451] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... mmap resumed>) = 0x7f511b6a9000 [pid 451] <... futex resumed>) = 1 [pid 448] <... futex resumed>) = 0 [pid 464] set_robust_list(0x7f5123ac99a0, 24 [pid 461] rt_sigprocmask(SIG_SETMASK, [], [pid 453] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 451] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 448] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... mmap resumed>) = -1 (errno 18446744073709551414) [pid 446] <... mmap resumed>) = -1 (errno 18446744073709551414) [pid 464] <... set_robust_list resumed>) = 0 [pid 461] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 448] <... futex resumed>) = 0 [pid 464] rt_sigprocmask(SIG_SETMASK, [], [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 461] <... futex resumed>) = 0 [pid 453] +++ killed by SIGBUS +++ [pid 447] +++ killed by SIGBUS +++ [pid 464] memfd_create("syzkaller", 0 [pid 461] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 464] <... memfd_create resumed>) = 3 [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=447, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 464] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 295] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 464] <... mmap resumed>) = 0x7f511b6a9000 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 464] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 295] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 464] <... write resumed>) = 1048576 [pid 295] <... openat resumed>) = 3 [pid 464] munmap(0x7f511b6a9000, 138412032 [pid 295] newfstatat(3, "", [pid 464] <... munmap resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 464] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 295] getdents64(3, [pid 464] <... openat resumed>) = 4 [pid 295] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [ 24.165625][ T452] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.180721][ T453] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 464] ioctl(4, LOOP_SET_FD, 3 [pid 295] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 452] +++ killed by SIGBUS +++ [pid 451] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 448] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] +++ killed by SIGBUS +++ [pid 463] <... write resumed>) = 1048576 [pid 448] <... futex resumed>) = ? [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=446, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 463] munmap(0x7f511b6a9000, 138412032 [pid 451] +++ killed by SIGBUS +++ [pid 448] +++ killed by SIGBUS +++ [pid 463] <... munmap resumed>) = 0 [pid 463] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 463] <... openat resumed>) = 4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 463] ioctl(4, LOOP_SET_FD, 3 [pid 298] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 464] <... ioctl resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 464] close(3 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=448, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 295] newfstatat(AT_FDCWD, "./7/binderfs", [pid 464] <... close resumed>) = 0 [pid 296] umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 464] close(4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] unlink("./7/binderfs" [pid 464] <... close resumed>) = 0 [pid 296] openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... unlink resumed>) = 0 [pid 464] mkdir("./file0", 0777 [pid 296] <... openat resumed>) = 3 [pid 295] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 464] <... mkdir resumed>) = 0 [pid 296] newfstatat(3, "", [pid 464] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 463] <... ioctl resumed>) = 0 [pid 298] <... openat resumed>) = 3 [pid 296] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 463] close(3 [pid 298] newfstatat(3, "", [pid 463] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 463] close(4 [pid 298] getdents64(3, [pid 463] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 295] <... umount2 resumed>) = 0 [pid 463] mkdir("./file0", 0777 [pid 298] umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 463] <... mkdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 463] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 298] newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] unlink("./6/binderfs") = 0 [pid 296] unlink("./6/binderfs" [pid 298] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... unlink resumed>) = 0 [pid 295] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 295] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] close(4) = 0 [pid 295] rmdir("./7/file0") = 0 [pid 295] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] close(3) = 0 [pid 295] rmdir("./7") = 0 [pid 295] mkdir("./8", 0777) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [pid 295] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 465 ./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x555556fc56a0, 24) = 0 [pid 465] chdir("./8") = 0 [pid 465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 465] setpgid(0, 0) = 0 [pid 465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 465] write(3, "1000", 4) = 4 [pid 296] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] newfstatat(4, "", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 465] close(3) = 0 [pid 465] symlink("/dev/binderfs", "./binderfs" [pid 298] getdents64(4, [pid 296] newfstatat(AT_FDCWD, "./6/file0", [pid 465] <... symlink resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 465] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] getdents64(4, [pid 296] umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 465] <... futex resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 465] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 298] close(4 [pid 296] openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 465] <... rt_sigaction resumed>NULL, 8) = 0 [pid 465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 298] <... close resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] rmdir("./6/file0" [pid 296] newfstatat(4, "", [pid 465] <... mmap resumed>) = 0x7f5123aa9000 [pid 465] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 298] <... rmdir resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 465] <... mprotect resumed>) = 0 [pid 465] rt_sigprocmask(SIG_BLOCK, ~[], [pid 298] getdents64(3, [pid 296] getdents64(4, [pid 465] <... rt_sigprocmask resumed>[], 8) = 0 [pid 298] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[468]}, 88) = 468 [pid 465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 465] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 298] close(3) = 0 [pid 298] rmdir("./6" [pid 464] <... mount resumed>) = 0 [pid 298] <... rmdir resumed>) = 0 [pid 464] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] mkdir("./7", 0777 [pid 464] <... openat resumed>) = 3 ./strace-static-x86_64: Process 468 attached [pid 464] chdir("./file0" [pid 296] getdents64(4, [pid 468] set_robust_list(0x7f5123ac99a0, 24 [pid 464] <... chdir resumed>) = 0 [pid 298] <... mkdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 464] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 298] close(3) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 464] <... openat resumed>) = 4 [pid 296] close(4 [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 469 ./strace-static-x86_64: Process 469 attached [pid 469] set_robust_list(0x555556fc56a0, 24) = 0 [pid 469] chdir("./7") = 0 [pid 469] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 469] setpgid(0, 0) = 0 [pid 469] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 469] write(3, "1000", 4) = 4 [pid 469] close(3) = 0 [pid 469] symlink("/dev/binderfs", "./binderfs") = 0 [pid 469] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 469] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 469] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 469] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 469] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[470]}, 88) = 470 [pid 469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 296] <... close resumed>) = 0 [pid 464] ioctl(4, LOOP_CLR_FD [pid 296] rmdir("./6/file0" [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 469] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 470 attached [pid 470] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 470] rt_sigprocmask(SIG_SETMASK, [], [pid 464] <... ioctl resumed>) = 0 [pid 470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] memfd_create("syzkaller", 0) = 3 [pid 470] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 296] <... rmdir resumed>) = 0 [pid 464] close(4 [pid 470] <... mmap resumed>) = 0x7f511b6a9000 [pid 464] <... close resumed>) = 0 [pid 296] getdents64(3, [pid 464] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 464] <... futex resumed>) = 1 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 461] <... futex resumed>) = 0 [pid 296] close(3 [pid 461] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... close resumed>) = 0 [pid 464] <... open resumed>) = 4 [pid 296] rmdir("./6") = 0 [pid 464] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 461] <... futex resumed>) = 0 [pid 296] mkdir("./7", 0777 [pid 464] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... mkdir resumed>) = 0 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... write resumed>) = 9 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 464] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 464] <... futex resumed>) = 1 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] creat("./bus", 000 [pid 461] <... futex resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 461] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... creat resumed>) = 5 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 464] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] close(3 [pid 464] <... futex resumed>) = 1 [pid 461] <... futex resumed>) = 0 [pid 464] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 461] <... futex resumed>) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 464] creat("./bus", 000 [pid 461] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... creat resumed>) = 6 [pid 296] <... clone resumed>, child_tidptr=0x555556fc5690) = 472 [pid 464] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 461] <... futex resumed>) = 0 [pid 464] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 461] <... futex resumed>) = 0 [pid 464] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 461] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... open resumed>) = 7 [pid 464] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 461] <... futex resumed>) = 0 [pid 464] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 461] <... futex resumed>) = 0 [pid 464] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 461] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] <... mmap resumed>) = 0x20000000 [ 24.202544][ T451] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.215263][ T464] loop4: detected capacity change from 0 to 2048 [ 24.223631][ T463] loop2: detected capacity change from 0 to 2048 [pid 464] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 464] ftruncate(6, 31 [pid 461] <... futex resumed>) = 0 [pid 464] <... ftruncate resumed>) = 0 [pid 461] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 464] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 461] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 464] <... futex resumed>) = 0 [pid 461] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 472 attached [pid 472] set_robust_list(0x555556fc56a0, 24) = 0 [pid 472] chdir("./7") = 0 [pid 472] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 472] setpgid(0, 0) = 0 [pid 472] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 472] write(3, "1000", 4) = 4 [pid 472] close(3) = 0 [pid 472] symlink("/dev/binderfs", "./binderfs") = 0 [pid 472] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 472] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 472] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 472] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 472] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[473]}, 88) = 473 [pid 472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 470] <... write resumed>) = 1048576 [pid 470] munmap(0x7f511b6a9000, 138412032) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 470] ioctl(4, LOOP_SET_FD, 3 [pid 461] <... futex resumed>) = 0 [pid 461] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 461] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 468] <... set_robust_list resumed>) = 0 [pid 470] <... ioctl resumed>) = 0 [pid 470] close(3) = 0 [pid 470] close(4) = 0 [pid 470] mkdir("./file0", 0777 [pid 468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 470] <... mkdir resumed>) = 0 [pid 470] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 468] memfd_create("syzkaller", 0) = 3 [pid 468] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 464] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 461] <... mmap resumed>) = 0x7f5123a88000 [pid 461] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 461] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 461] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123aa8990, parent_tid=0x7f5123aa8990, exit_signal=0, stack=0x7f5123a88000, stack_size=0x20300, tls=0x7f5123aa86c0} ) = ? [pid 464] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 473] memfd_create("syzkaller", 0) = 3 [pid 473] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 461] +++ killed by SIGBUS +++ [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=461, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 468] <... mmap resumed>) = 0x7f511b6a9000 [pid 299] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 299] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./8/binderfs") = 0 [pid 299] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0 [pid 299] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./8/file0") = 0 [pid 299] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./8") = 0 [pid 299] mkdir("./9", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 477 [pid 473] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576./strace-static-x86_64: Process 477 attached ) = 1048576 [pid 470] <... mount resumed>) = 0 [pid 468] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 463] <... mount resumed>) = 0 [pid 470] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 477] set_robust_list(0x555556fc56a0, 24 [pid 470] <... openat resumed>) = 3 [pid 477] <... set_robust_list resumed>) = 0 [pid 463] <... openat resumed>) = 3 [pid 470] chdir("./file0" [pid 473] munmap(0x7f511b6a9000, 138412032 [pid 463] chdir("./file0" [pid 470] <... chdir resumed>) = 0 [pid 463] <... chdir resumed>) = 0 [pid 470] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 463] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 470] <... openat resumed>) = 4 [pid 470] ioctl(4, LOOP_CLR_FD [pid 463] <... openat resumed>) = 4 [pid 470] <... ioctl resumed>) = 0 [ 24.276474][ T464] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.284096][ T470] loop3: detected capacity change from 0 to 2048 [pid 463] ioctl(4, LOOP_CLR_FD [pid 477] chdir("./9" [pid 470] close(4 [pid 463] <... ioctl resumed>) = 0 [pid 477] <... chdir resumed>) = 0 [pid 473] <... munmap resumed>) = 0 [pid 470] <... close resumed>) = 0 [pid 468] <... write resumed>) = 1048576 [pid 463] close(4 [pid 470] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... close resumed>) = 0 [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 463] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 1 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 463] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 470] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 469] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... open resumed>) = 4 [pid 459] <... futex resumed>) = 0 [pid 470] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 470] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 470] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 469] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 470] <... write resumed>) = 9 [pid 463] <... futex resumed>) = 0 [pid 459] <... futex resumed>) = 1 [pid 470] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 477] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 470] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... prctl resumed>) = 0 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 477] setpgid(0, 0 [pid 470] creat("./bus", 000 [pid 469] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... setpgid resumed>) = 0 [pid 470] <... creat resumed>) = 5 [pid 477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 470] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... openat resumed>) = 3 [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 463] <... open resumed>) = 4 [pid 477] write(3, "1000", 4 [pid 470] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... write resumed>) = 4 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 477] close(3 [pid 470] creat("./bus", 000 [pid 469] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... close resumed>) = 0 [pid 470] <... creat resumed>) = 6 [pid 468] munmap(0x7f511b6a9000, 138412032 [pid 463] <... futex resumed>) = 1 [pid 459] <... futex resumed>) = 0 [pid 477] symlink("/dev/binderfs", "./binderfs" [pid 470] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... munmap resumed>) = 0 [pid 463] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... symlink resumed>) = 0 [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 459] <... futex resumed>) = 0 [pid 477] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 470] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... openat resumed>) = 4 [pid 463] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 459] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... futex resumed>) = 0 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 477] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 470] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 469] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] ioctl(4, LOOP_SET_FD, 3 [pid 477] <... rt_sigaction resumed>NULL, 8) = 0 [pid 470] <... open resumed>) = 7 [pid 463] <... write resumed>) = 9 [pid 477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 470] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 463] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 473] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 470] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = 1 [pid 477] <... mmap resumed>) = 0x7f5123aa9000 [pid 473] <... openat resumed>) = 4 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 468] <... ioctl resumed>) = 0 [pid 463] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] <... futex resumed>) = 0 [pid 477] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 473] ioctl(4, LOOP_SET_FD, 3 [pid 470] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 469] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] <... mprotect resumed>) = 0 [pid 470] <... mmap resumed>) = 0x20000000 [pid 468] close(3 [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... close resumed>) = 0 [pid 463] <... futex resumed>) = 0 [pid 459] <... futex resumed>) = 1 [pid 468] close(4 [pid 463] creat("./bus", 000 [pid 459] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] rt_sigprocmask(SIG_BLOCK, ~[], [pid 473] <... ioctl resumed>) = 0 [pid 470] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... rt_sigprocmask resumed>[], 8) = 0 [pid 473] close(3 [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 473] <... close resumed>) = 0 [pid 470] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] close(4 [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 [pid 463] <... creat resumed>) = 5 [pid 477] <... clone3 resumed> => {parent_tid=[478]}, 88) = 478 [pid 473] <... close resumed>) = 0 [pid 470] ftruncate(6, 31 [pid 469] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 477] rt_sigprocmask(SIG_SETMASK, [], [pid 473] mkdir("./file0", 0777 [pid 470] <... ftruncate resumed>) = 0 [pid 477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 473] <... mkdir resumed>) = 0 [pid 470] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 470] <... futex resumed>) = 1 [pid 469] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = 0 [pid 470] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 469] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 470] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 469] <... futex resumed>) = 0 ./strace-static-x86_64: Process 478 attached [pid 468] <... close resumed>) = 0 [pid 463] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] set_robust_list(0x7f5123ac99a0, 24 [pid 468] mkdir("./file0", 0777 [pid 463] <... futex resumed>) = 1 [pid 459] <... futex resumed>) = 0 [pid 478] <... set_robust_list resumed>) = 0 [pid 468] <... mkdir resumed>) = 0 [pid 463] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] rt_sigprocmask(SIG_SETMASK, [], [pid 468] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 459] <... futex resumed>) = 0 [pid 478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 463] creat("./bus", 000 [pid 459] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] memfd_create("syzkaller", 0 [pid 469] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... creat resumed>) = 6 [pid 478] <... memfd_create resumed>) = 3 [pid 463] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 463] <... futex resumed>) = 1 [pid 459] <... futex resumed>) = 0 [pid 469] <... futex resumed>) = 0 [pid 470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 469] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = ? [pid 470] +++ killed by SIGBUS +++ [pid 469] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=469, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 463] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 459] <... futex resumed>) = 0 [pid 463] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 459] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... mmap resumed>) = 0x7f511b6a9000 [pid 463] <... open resumed>) = 7 [pid 298] <... restart_syscall resumed>) = 0 [pid 478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 473] <... mount resumed>) = 0 [pid 463] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 463] <... futex resumed>) = 1 [pid 459] <... futex resumed>) = 0 [pid 473] <... openat resumed>) = 3 [pid 463] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 298] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 473] chdir("./file0" [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 473] <... chdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 473] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... openat resumed>) = 3 [pid 473] <... openat resumed>) = 4 [pid 298] newfstatat(3, "", [pid 473] ioctl(4, LOOP_CLR_FD [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 473] <... ioctl resumed>) = 0 [pid 298] getdents64(3, [pid 473] close(4 [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 473] <... close resumed>) = 0 [pid 298] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 473] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 473] <... futex resumed>) = 1 [pid 472] <... futex resumed>) = 0 [pid 298] newfstatat(AT_FDCWD, "./7/binderfs", [pid 473] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 298] unlink("./7/binderfs" [pid 473] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 472] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] <... unlink resumed>) = 0 [pid 473] <... open resumed>) = 4 [pid 298] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 473] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 473] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 472] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... write resumed>) = 9 [pid 463] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 459] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 463] <... mmap resumed>) = 0x20000000 [pid 459] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 463] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 24.332488][ T468] loop0: detected capacity change from 0 to 2048 [ 24.339438][ T473] loop1: detected capacity change from 0 to 2048 [ 24.349148][ T470] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 473] creat("./bus", 000 [pid 472] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 463] <... futex resumed>) = 0 [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... creat resumed>) = 5 [pid 463] ftruncate(6, 31 [pid 459] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 473] creat("./bus", 000 [pid 472] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... creat resumed>) = 6 [pid 473] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 473] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 472] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... open resumed>) = 7 [pid 473] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 473] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 472] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... mmap resumed>) = 0x20000000 [pid 473] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 473] ftruncate(6, 31 [pid 472] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 473] <... ftruncate resumed>) = 0 [pid 473] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 472] <... futex resumed>) = 0 [pid 473] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 472] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 472] <... futex resumed>) = 0 [pid 478] <... write resumed>) = 1048576 [pid 463] <... ftruncate resumed>) = 0 [pid 459] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] munmap(0x7f511b6a9000, 138412032 [pid 463] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 478] <... munmap resumed>) = 0 [pid 463] <... futex resumed>) = 0 [pid 459] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 472] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 472] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 468] <... mount resumed>) = 0 [pid 468] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 468] chdir("./file0") = 0 [pid 468] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 468] ioctl(4, LOOP_CLR_FD) = 0 [pid 468] close(4) = 0 [pid 468] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 468] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] <... futex resumed>) = 0 [pid 468] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 465] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... open resumed>) = 4 [pid 468] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 468] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] <... futex resumed>) = 0 [pid 468] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 465] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... write resumed>) = 9 [pid 468] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 468] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] <... futex resumed>) = 0 [pid 468] creat("./bus", 000 [pid 465] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... creat resumed>) = 5 [pid 468] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 468] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] <... futex resumed>) = 0 [pid 468] creat("./bus", 000 [pid 465] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... creat resumed>) = 6 [pid 468] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 468] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] <... futex resumed>) = 0 [pid 468] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 465] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... open resumed>) = 7 [pid 468] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 468] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] <... futex resumed>) = 0 [pid 468] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 465] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... mmap resumed>) = 0x20000000 [pid 468] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 468] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] <... futex resumed>) = 0 [pid 468] ftruncate(6, 31 [pid 465] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 468] <... ftruncate resumed>) = 0 [pid 468] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 465] <... futex resumed>) = 0 [pid 468] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 465] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 468] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 465] <... futex resumed>) = 0 [pid 478] <... openat resumed>) = 4 [pid 459] <... futex resumed>) = 0 [pid 478] ioctl(4, LOOP_SET_FD, 3 [pid 459] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 472] <... mmap resumed>) = 0x7f5123a88000 [pid 468] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 465] syscall_0x7f5123a88000(0xffffff00, 0x7fff1a311084, 0x40000001, 0, 0x7fff1a3ea080, 0x7fff1a3ea0b0 [pid 463] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 473] +++ killed by SIGBUS +++ [pid 472] +++ killed by SIGBUS +++ [pid 468] +++ killed by SIGBUS +++ [pid 465] +++ killed by SIGBUS +++ [pid 459] <... futex resumed>) = ? [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 298] newfstatat(AT_FDCWD, "./7/file0", [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=472, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 463] +++ killed by SIGBUS +++ [pid 298] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./7/file0" [pid 459] +++ killed by SIGBUS +++ [pid 298] <... rmdir resumed>) = 0 [pid 298] getdents64(3, [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 298] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 297] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] rmdir("./7" [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... rmdir resumed>) = 0 [pid 297] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] mkdir("./8", 0777 [pid 297] <... openat resumed>) = 3 [pid 298] <... mkdir resumed>) = 0 [pid 297] newfstatat(3, "", [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] <... openat resumed>) = 3 [pid 297] getdents64(3, [pid 298] ioctl(3, LOOP_CLR_FD [pid 297] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 297] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] close(3 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... close resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./7/binderfs", [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] unlink("./7/binderfs" [pid 296] openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 483 [pid 297] <... unlink resumed>) = 0 [pid 296] <... openat resumed>) = 3 [pid 297] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] newfstatat(3, "", [pid 295] <... openat resumed>) = 3 ./strace-static-x86_64: Process 483 attached [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(3, "", [pid 296] getdents64(3, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 483] set_robust_list(0x555556fc56a0, 24) = 0 [pid 478] <... ioctl resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 295] getdents64(3, [pid 296] umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./7/binderfs", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 483] chdir("./8" [pid 296] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] newfstatat(AT_FDCWD, "./8/binderfs", [pid 483] <... chdir resumed>) = 0 [pid 483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 483] setpgid(0, 0) = 0 [pid 483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 296] unlink("./7/binderfs" [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 483] write(3, "1000", 4) = 4 [pid 483] close(3) = 0 [pid 483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] <... unlink resumed>) = 0 [pid 295] unlink("./8/binderfs" [pid 483] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 483] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[484]}, 88) = 484 [pid 483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 483] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 478] close(3) = 0 [pid 478] close(4) = 0 [pid 478] mkdir("./file0", 0777) = 0 [pid 478] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 297] <... umount2 resumed>) = 0 [pid 295] <... unlink resumed>) = 0 [pid 296] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 484 attached [pid 295] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 484] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 484] memfd_create("syzkaller", 0) = 3 [pid 484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 296] <... umount2 resumed>) = 0 [pid 484] <... write resumed>) = 1048576 [pid 484] munmap(0x7f511b6a9000, 138412032) = 0 [pid 484] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [ 24.383004][ T473] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.389711][ T463] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.404753][ T468] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.420102][ T478] loop4: detected capacity change from 0 to 2048 [pid 484] ioctl(4, LOOP_SET_FD, 3 [pid 297] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... umount2 resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./7/file0", [pid 297] newfstatat(AT_FDCWD, "./7/file0", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] newfstatat(AT_FDCWD, "./8/file0", [pid 297] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] <... openat resumed>) = 4 [pid 296] openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] newfstatat(4, "", [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... openat resumed>) = 4 [pid 295] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] getdents64(4, [pid 296] newfstatat(4, "", [pid 295] <... openat resumed>) = 4 [pid 297] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] newfstatat(4, "", [pid 297] getdents64(4, [pid 296] getdents64(4, [pid 297] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 297] close(4 [pid 296] getdents64(4, [pid 295] getdents64(4, [pid 297] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 297] rmdir("./7/file0" [pid 296] close(4 [pid 295] getdents64(4, [pid 297] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 295] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 297] getdents64(3, [pid 296] rmdir("./7/file0" [pid 295] close(4 [pid 297] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 297] close(3 [pid 296] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] rmdir("./7" [pid 296] close(3 [pid 295] rmdir("./8/file0" [pid 297] <... rmdir resumed>) = 0 [pid 297] mkdir("./8", 0777 [pid 296] <... close resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 484] <... ioctl resumed>) = 0 [pid 296] rmdir("./7" [pid 295] getdents64(3, [pid 296] <... rmdir resumed>) = 0 [pid 295] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 484] close(3) = 0 [pid 297] <... mkdir resumed>) = 0 [pid 296] mkdir("./8", 0777 [pid 295] close(3 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 484] close(4) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 295] <... close resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 297] <... openat resumed>) = 3 [pid 295] rmdir("./8" [pid 297] ioctl(3, LOOP_CLR_FD [pid 296] <... openat resumed>) = 3 [pid 295] <... rmdir resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 484] mkdir("./file0", 0777) = 0 [pid 484] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 295] mkdir("./9", 0777 [pid 297] close(3 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] <... mkdir resumed>) = 0 [pid 297] <... close resumed>) = 0 [pid 296] close(3) = 0 [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 295] <... openat resumed>) = 3 [pid 296] <... clone resumed>, child_tidptr=0x555556fc5690) = 487 [pid 295] ioctl(3, LOOP_CLR_FD [pid 297] <... clone resumed>, child_tidptr=0x555556fc5690) = 488 [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3) = 0 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 490 ./strace-static-x86_64: Process 487 attached [pid 487] set_robust_list(0x555556fc56a0, 24) = 0 [pid 487] chdir("./8") = 0 [pid 487] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 478] <... mount resumed>) = 0 [pid 478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY./strace-static-x86_64: Process 488 attached ) = 3 [pid 478] chdir("./file0" [pid 488] set_robust_list(0x555556fc56a0, 24 [pid 478] <... chdir resumed>) = 0 [pid 488] <... set_robust_list resumed>) = 0 [pid 478] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 488] chdir("./8" [pid 478] ioctl(4, LOOP_CLR_FD./strace-static-x86_64: Process 490 attached [pid 488] <... chdir resumed>) = 0 [pid 478] <... ioctl resumed>) = 0 [pid 488] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 478] close(4 [pid 490] set_robust_list(0x555556fc56a0, 24 [pid 478] <... close resumed>) = 0 [pid 490] <... set_robust_list resumed>) = 0 [pid 488] <... prctl resumed>) = 0 [pid 478] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] setpgid(0, 0 [pid 478] <... futex resumed>) = 1 [pid 477] <... futex resumed>) = 0 [pid 490] chdir("./9" [pid 488] <... setpgid resumed>) = 0 [pid 478] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] <... chdir resumed>) = 0 [pid 488] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 488] <... openat resumed>) = 3 [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = 1 [pid 478] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 477] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... prctl resumed>) = 0 [pid 488] write(3, "1000", 4 [pid 490] setpgid(0, 0 [pid 488] <... write resumed>) = 4 [pid 478] <... open resumed>) = 4 [pid 478] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] close(3 [pid 490] <... setpgid resumed>) = 0 [pid 478] <... futex resumed>) = 1 [pid 477] <... futex resumed>) = 0 [pid 490] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 488] <... close resumed>) = 0 [pid 478] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... openat resumed>) = 3 [pid 488] symlink("/dev/binderfs", "./binderfs" [pid 478] <... write resumed>) = 9 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... symlink resumed>) = 0 [pid 490] write(3, "1000", 4 [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 478] creat("./bus", 000 [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... creat resumed>) = 5 [pid 477] <... futex resumed>) = 0 [pid 478] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... write resumed>) = 4 [pid 478] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] close(3 [pid 488] <... futex resumed>) = 0 [pid 487] setpgid(0, 0 [pid 484] <... mount resumed>) = 0 [pid 478] creat("./bus", 000 [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... close resumed>) = 0 [pid 488] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 478] <... creat resumed>) = 6 [pid 487] <... setpgid resumed>) = 0 [pid 477] <... futex resumed>) = 0 [pid 490] symlink("/dev/binderfs", "./binderfs" [pid 488] <... rt_sigaction resumed>NULL, 8) = 0 [pid 484] <... openat resumed>) = 3 [pid 478] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... symlink resumed>) = 0 [pid 488] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 487] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 484] chdir("./file0" [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 487] <... openat resumed>) = 3 [pid 484] <... chdir resumed>) = 0 [pid 478] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 484] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 490] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 488] <... mmap resumed>) = 0x7f5123aa9000 [pid 487] write(3, "1000", 4 [pid 484] <... openat resumed>) = 4 [pid 478] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 477] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 490] <... rt_sigaction resumed>NULL, 8) = 0 [pid 488] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 487] <... write resumed>) = 4 [pid 484] ioctl(4, LOOP_CLR_FD [pid 478] <... open resumed>) = 7 [pid 490] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 488] <... mprotect resumed>) = 0 [pid 487] close(3 [pid 484] <... ioctl resumed>) = 0 [pid 478] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 488] rt_sigprocmask(SIG_BLOCK, ~[], [pid 487] <... close resumed>) = 0 [pid 484] close(4 [pid 478] <... futex resumed>) = 1 [pid 477] <... futex resumed>) = 0 [pid 490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 488] <... rt_sigprocmask resumed>[], 8) = 0 [pid 487] symlink("/dev/binderfs", "./binderfs" [pid 484] <... close resumed>) = 0 [pid 478] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... mmap resumed>) = 0x7f5123aa9000 [pid 488] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 487] <... symlink resumed>) = 0 [pid 484] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 490] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 487] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... futex resumed>) = 1 [pid 483] <... futex resumed>) = 0 [pid 478] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 477] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 493 attached [pid 490] <... mprotect resumed>) = 0 [pid 488] <... clone3 resumed> => {parent_tid=[493]}, 88) = 493 [pid 487] <... futex resumed>) = 0 [pid 484] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... mmap resumed>) = 0x20000000 [pid 493] set_robust_list(0x7f5123ac99a0, 24 [pid 490] rt_sigprocmask(SIG_BLOCK, ~[], [pid 488] rt_sigprocmask(SIG_SETMASK, [], [pid 487] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 483] <... futex resumed>) = 0 [pid 478] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... rt_sigprocmask resumed>[], 8) = 0 [pid 488] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 487] <... rt_sigaction resumed>NULL, 8) = 0 [pid 484] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 483] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = 1 [pid 477] <... futex resumed>) = 0 [pid 490] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 488] <... futex resumed>) = 0 [pid 487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 484] <... open resumed>) = 4 [pid 478] ftruncate(6, 31 [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... clone3 resumed> => {parent_tid=[494]}, 88) = 494 [pid 488] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 487] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 484] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... ftruncate resumed>) = 0 [pid 477] <... futex resumed>) = 0 ./strace-static-x86_64: Process 494 attached [pid 490] rt_sigprocmask(SIG_SETMASK, [], [pid 487] <... mmap resumed>) = 0x7f5123aa9000 [pid 484] <... futex resumed>) = 1 [pid 483] <... futex resumed>) = 0 [pid 478] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 493] <... set_robust_list resumed>) = 0 [pid 490] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 487] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 484] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 478] <... futex resumed>) = 0 [pid 477] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... mprotect resumed>) = 0 [pid 484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 24.462287][ T484] loop3: detected capacity change from 0 to 2048 [pid 493] rt_sigprocmask(SIG_SETMASK, [], [pid 483] <... futex resumed>) = 0 [pid 478] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 477] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] set_robust_list(0x7f5123ac99a0, 24 [pid 493] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 490] <... futex resumed>) = 0 [pid 487] rt_sigprocmask(SIG_BLOCK, ~[], [pid 484] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 483] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 478] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 477] <... futex resumed>) = 0 [pid 493] memfd_create("syzkaller", 0 [pid 490] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 487] <... rt_sigprocmask resumed>[], 8) = 0 [pid 487] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 477] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 487] <... clone3 resumed> => {parent_tid=[495]}, 88) = 495 [pid 487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 494] <... set_robust_list resumed>) = 0 [pid 494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 494] memfd_create("syzkaller", 0) = 3 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 494] munmap(0x7f511b6a9000, 138412032) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 494] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 495 attached [pid 493] <... memfd_create resumed>) = 3 [pid 484] <... write resumed>) = 9 [pid 478] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 477] <... futex resumed>) = 0 [pid 493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 484] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 493] <... mmap resumed>) = 0x7f511b6a9000 [pid 484] <... futex resumed>) = 1 [pid 483] <... futex resumed>) = 0 [pid 477] <... mmap resumed>) = 0x7f5123a88000 [pid 493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 484] creat("./bus", 000 [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE [pid 495] set_robust_list(0x7f5123ac99a0, 24 [pid 494] <... ioctl resumed>) = 0 [pid 484] <... creat resumed>) = 5 [pid 483] <... futex resumed>) = 0 [pid 495] <... set_robust_list resumed>) = 0 [pid 495] rt_sigprocmask(SIG_SETMASK, [], [pid 484] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 495] memfd_create("syzkaller", 0 [pid 484] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] <... memfd_create resumed>) = 3 [pid 484] creat("./bus", 000 [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 484] <... creat resumed>) = 6 [pid 483] <... futex resumed>) = 0 [pid 484] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... open resumed>) = 7 [pid 483] <... futex resumed>) = 0 [pid 484] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... mmap resumed>) = 0x20000000 [pid 483] <... futex resumed>) = 0 [pid 484] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 484] ftruncate(6, 31 [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 484] <... ftruncate resumed>) = 0 [pid 483] <... futex resumed>) = 0 [pid 484] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 483] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 484] <... futex resumed>) = 0 [pid 483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 494] close(3 [pid 493] <... write resumed>) = 1048576 [pid 483] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... write resumed>) = 1048576 [pid 494] <... close resumed>) = 0 [pid 494] close(4) = 0 [pid 478] +++ killed by SIGBUS +++ [pid 494] mkdir("./file0", 0777) = 0 [pid 493] munmap(0x7f511b6a9000, 138412032) = 0 [pid 493] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 494] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 483] <... futex resumed>) = 0 [pid 477] <... mprotect resumed>) = ? [pid 495] munmap(0x7f511b6a9000, 138412032 [pid 493] close(3 [pid 484] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 483] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 477] +++ killed by SIGBUS +++ [pid 495] <... munmap resumed>) = 0 [pid 493] <... close resumed>) = 0 [pid 493] close(4 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=477, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 493] <... close resumed>) = 0 [pid 493] mkdir("./file0", 0777 [pid 299] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 493] <... mkdir resumed>) = 0 [pid 493] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 299] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 483] <... futex resumed>) = ? [pid 299] getdents64(3, [pid 484] +++ killed by SIGBUS +++ [pid 483] +++ killed by SIGBUS +++ [pid 299] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 299] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 495] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 299] newfstatat(AT_FDCWD, "./9/binderfs", [pid 493] <... mount resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 495] <... openat resumed>) = 4 [pid 493] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] unlink("./9/binderfs" [pid 494] <... mount resumed>) = 0 [pid 495] ioctl(4, LOOP_SET_FD, 3 [pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 493] <... openat resumed>) = 3 [pid 299] <... unlink resumed>) = 0 [pid 494] <... openat resumed>) = 3 [pid 493] chdir("./file0" [ 24.510098][ T478] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.517523][ T494] loop0: detected capacity change from 0 to 2048 [ 24.535757][ T484] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.542563][ T493] loop2: detected capacity change from 0 to 2048 [pid 299] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 494] chdir("./file0" [pid 493] <... chdir resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] <... chdir resumed>) = 0 [pid 493] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 493] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 3 [pid 494] <... openat resumed>) = 4 [pid 493] ioctl(4, LOOP_CLR_FD [pid 298] newfstatat(3, "", [pid 494] ioctl(4, LOOP_CLR_FD [pid 493] <... ioctl resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 494] <... ioctl resumed>) = 0 [pid 493] close(4 [pid 298] getdents64(3, [pid 494] close(4 [pid 493] <... close resumed>) = 0 [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 494] <... close resumed>) = 0 [pid 493] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 494] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] <... futex resumed>) = 1 [pid 493] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./8/binderfs", [pid 494] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 493] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] unlink("./8/binderfs" [pid 495] <... ioctl resumed>) = 0 [pid 494] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 493] <... open resumed>) = 4 [pid 490] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] close(3 [pid 298] <... unlink resumed>) = 0 [pid 495] <... close resumed>) = 0 [pid 298] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 494] <... open resumed>) = 4 [pid 493] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] close(4) = 0 [pid 494] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 494] <... futex resumed>) = 1 [pid 493] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 495] mkdir("./file0", 0777) = 0 [pid 495] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 493] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = 0 [pid 494] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 493] <... write resumed>) = 9 [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 494] <... write resumed>) = 9 [pid 493] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 0 [pid 490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./9/file0", [pid 298] newfstatat(AT_FDCWD, "./8/file0", [pid 494] <... futex resumed>) = 0 [pid 493] creat("./bus", 000 [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 494] creat("./bus", 000 [pid 493] <... creat resumed>) = 5 [pid 493] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 494] <... creat resumed>) = 5 [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 494] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 494] <... futex resumed>) = 0 [pid 490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 494] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] <... futex resumed>) = 0 [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 1 [pid 299] <... openat resumed>) = 4 [pid 298] <... openat resumed>) = 4 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 493] creat("./bus", 000 [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] newfstatat(4, "", [pid 298] newfstatat(4, "", [pid 494] creat("./bus", 000 [pid 493] <... creat resumed>) = 6 [pid 490] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 494] <... creat resumed>) = 6 [pid 493] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, [pid 494] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 298] getdents64(4, [pid 494] <... futex resumed>) = 1 [pid 493] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 494] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 299] getdents64(4, [pid 298] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 493] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] getdents64(4, [pid 494] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 493] <... open resumed>) = 7 [pid 490] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] close(4 [pid 298] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 494] <... open resumed>) = 7 [pid 493] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 494] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 299] rmdir("./9/file0" [pid 298] close(4 [pid 494] <... futex resumed>) = 1 [pid 493] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 494] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 299] <... rmdir resumed>) = 0 [pid 298] <... close resumed>) = 0 [pid 494] <... mmap resumed>) = 0x20000000 [pid 493] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] getdents64(3, [pid 298] rmdir("./8/file0" [pid 494] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... mmap resumed>) = 0x20000000 [pid 490] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 493] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 298] <... rmdir resumed>) = 0 [pid 494] <... futex resumed>) = 0 [pid 299] close(3 [pid 494] ftruncate(6, 31 [pid 493] <... futex resumed>) = 1 [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 488] <... futex resumed>) = 0 [pid 298] getdents64(3, [pid 494] <... ftruncate resumed>) = 0 [pid 493] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 490] <... futex resumed>) = 0 [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... close resumed>) = 0 [pid 494] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 490] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 488] <... futex resumed>) = 0 [pid 299] rmdir("./9" [pid 298] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 494] <... futex resumed>) = 0 [pid 493] ftruncate(6, 31 [pid 490] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 488] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] <... ftruncate resumed>) = 0 [pid 490] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 298] close(3 [pid 494] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 493] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 490] <... futex resumed>) = 0 [pid 299] mkdir("./10", 0777 [pid 298] <... close resumed>) = 0 [pid 495] <... mount resumed>) = 0 [pid 493] <... futex resumed>) = 1 [pid 488] <... futex resumed>) = 0 [pid 495] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 493] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 488] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... openat resumed>) = 3 [pid 493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 24.566767][ T495] loop1: detected capacity change from 0 to 2048 [pid 488] <... futex resumed>) = 0 [pid 495] chdir("./file0" [pid 490] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... mkdir resumed>) = 0 [pid 298] rmdir("./8" [pid 490] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] <... rmdir resumed>) = 0 [pid 490] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 299] <... openat resumed>) = 3 [pid 298] mkdir("./9", 0777 [pid 299] ioctl(3, LOOP_CLR_FD [pid 298] <... mkdir resumed>) = 0 [pid 299] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 299] close(3 [pid 298] <... openat resumed>) = 3 [pid 299] <... close resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] close(3 [pid 299] <... clone resumed>, child_tidptr=0x555556fc5690) = 502 [pid 298] <... close resumed>) = 0 [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 503 ./strace-static-x86_64: Process 503 attached [pid 503] set_robust_list(0x555556fc56a0, 24) = 0 [pid 503] chdir("./9") = 0 [pid 503] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 503] setpgid(0, 0) = 0 [pid 503] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 503] write(3, "1000", 4) = 4 [pid 503] close(3) = 0 [pid 503] symlink("/dev/binderfs", "./binderfs") = 0 [pid 503] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 503] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 ./strace-static-x86_64: Process 502 attached [pid 503] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 502] set_robust_list(0x555556fc56a0, 24 [pid 503] <... mmap resumed>) = 0x7f5123aa9000 [pid 502] <... set_robust_list resumed>) = 0 [pid 502] chdir("./10" [pid 488] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... chdir resumed>) = 0 [pid 495] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 488] <... futex resumed>) = 0 [pid 488] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 503] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 495] <... openat resumed>) = 4 [pid 503] <... mprotect resumed>) = 0 [pid 503] rt_sigprocmask(SIG_BLOCK, ~[], [pid 495] ioctl(4, LOOP_CLR_FD [pid 502] <... chdir resumed>) = 0 [pid 502] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 502] setpgid(0, 0) = 0 [pid 495] <... ioctl resumed>) = 0 [pid 503] <... rt_sigprocmask resumed>[], 8) = 0 [pid 495] close(4 [pid 503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 488] <... mmap resumed>) = 0x7f5123a88000 ./strace-static-x86_64: Process 504 attached [pid 502] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 495] <... close resumed>) = 0 [pid 494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 493] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 490] <... mmap resumed>) = 0 [pid 488] read(-256, [pid 503] <... clone3 resumed> => {parent_tid=[504]}, 88) = 504 [pid 495] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] set_robust_list(0x7f5123ac99a0, 24 [pid 503] rt_sigprocmask(SIG_SETMASK, [], [pid 495] <... futex resumed>) = 1 [pid 494] +++ killed by SIGBUS +++ [pid 493] +++ killed by SIGBUS +++ [pid 490] +++ killed by SIGBUS +++ [pid 488] +++ killed by SIGBUS +++ [pid 487] <... futex resumed>) = 0 [pid 504] <... set_robust_list resumed>) = 0 [pid 503] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 495] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] rt_sigprocmask(SIG_SETMASK, [], [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] <... futex resumed>) = 0 [pid 504] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 503] <... futex resumed>) = 0 [pid 495] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 487] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] memfd_create("syzkaller", 0 [pid 503] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 495] <... open resumed>) = 4 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=488, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 295] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=490, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 502] <... openat resumed>) = 3 [pid 495] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 502] write(3, "1000", 4 [pid 495] <... futex resumed>) = 1 [pid 487] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 502] <... write resumed>) = 4 [pid 495] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 502] close(3 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] <... futex resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 295] <... openat resumed>) = 3 [pid 502] <... close resumed>) = 0 [pid 495] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 487] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(3, "", [pid 295] newfstatat(3, "", [pid 504] <... memfd_create resumed>) = 3 [pid 502] symlink("/dev/binderfs", "./binderfs" [pid 495] <... write resumed>) = 9 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 504] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 502] <... symlink resumed>) = 0 [pid 495] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] getdents64(3, [pid 502] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 1 [pid 487] <... futex resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 295] getdents64(3, [pid 504] <... mmap resumed>) = 0x7f511b6a9000 [pid 502] <... futex resumed>) = 0 [pid 495] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 502] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 502] <... rt_sigaction resumed>NULL, 8) = 0 [pid 495] creat("./bus", 000 [pid 487] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] newfstatat(AT_FDCWD, "./8/binderfs", [pid 502] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 495] <... creat resumed>) = 5 [pid 297] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 495] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] unlink("./8/binderfs" [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 495] <... futex resumed>) = 1 [pid 487] <... futex resumed>) = 0 [pid 297] <... unlink resumed>) = 0 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 502] <... mmap resumed>) = 0x7f5123aa9000 [pid 495] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] newfstatat(AT_FDCWD, "./9/binderfs", [pid 504] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 502] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = 0 [pid 295] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 504] <... write resumed>) = 1048576 [pid 502] <... mprotect resumed>) = 0 [pid 495] creat("./bus", 000 [pid 487] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] unlink("./9/binderfs" [pid 504] munmap(0x7f511b6a9000, 138412032 [pid 502] rt_sigprocmask(SIG_BLOCK, ~[], [pid 495] <... creat resumed>) = 6 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 504] <... munmap resumed>) = 0 [pid 502] <... rt_sigprocmask resumed>[], 8) = 0 [pid 495] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] newfstatat(AT_FDCWD, "./8/file0", [pid 295] <... unlink resumed>) = 0 [pid 504] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 502] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 495] <... futex resumed>) = 1 [pid 487] <... futex resumed>) = 0 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 295] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 505 attached [pid 504] <... openat resumed>) = 4 [pid 495] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 504] ioctl(4, LOOP_SET_FD, 3 [pid 502] <... clone3 resumed> => {parent_tid=[505]}, 88) = 505 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] <... futex resumed>) = 0 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 505] set_robust_list(0x7f5123ac99a0, 24 [ 24.603009][ T494] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.605866][ T493] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 502] rt_sigprocmask(SIG_SETMASK, [], [pid 505] <... set_robust_list resumed>) = 0 [pid 505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 505] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 495] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 7 [pid 495] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 495] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = 0 [pid 487] <... futex resumed>) = 1 [pid 495] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 487] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... mmap resumed>) = 0x20000000 [pid 495] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 495] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] <... futex resumed>) = 0 [pid 495] ftruncate(6, 31 [pid 487] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 495] <... ftruncate resumed>) = 0 [pid 297] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 495] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 487] <... futex resumed>) = 0 [pid 502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 495] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 487] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... openat resumed>) = 4 [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 495] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 487] <... futex resumed>) = 0 [pid 505] <... futex resumed>) = 0 [pid 502] <... futex resumed>) = 1 [pid 297] newfstatat(4, "", [pid 295] <... umount2 resumed>) = 0 [pid 505] memfd_create("syzkaller", 0 [pid 502] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 505] <... memfd_create resumed>) = 3 [pid 297] getdents64(4, [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 297] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 295] newfstatat(AT_FDCWD, "./9/file0", [pid 505] <... mmap resumed>) = 0x7f511b6a9000 [pid 297] getdents64(4, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 297] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 295] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 297] close(4 [pid 295] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 297] <... close resumed>) = 0 [pid 295] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 297] rmdir("./8/file0" [pid 295] <... openat resumed>) = 4 [pid 297] <... rmdir resumed>) = 0 [pid 295] newfstatat(4, "", [pid 297] getdents64(3, [pid 295] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 295] getdents64(4, [pid 297] close(3 [pid 295] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 297] <... close resumed>) = 0 [pid 295] getdents64(4, [pid 297] rmdir("./8" [pid 295] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 297] <... rmdir resumed>) = 0 [pid 295] close(4 [pid 297] mkdir("./9", 0777 [pid 295] <... close resumed>) = 0 [pid 504] <... ioctl resumed>) = 0 [pid 495] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 487] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... mkdir resumed>) = 0 [pid 295] rmdir("./9/file0" [pid 504] close(3 [pid 487] <... futex resumed>) = ? [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 295] <... rmdir resumed>) = 0 [pid 297] <... openat resumed>) = 3 [pid 295] getdents64(3, [pid 297] ioctl(3, LOOP_CLR_FD [pid 295] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 295] close(3 [pid 297] close(3 [pid 295] <... close resumed>) = 0 [pid 505] <... write resumed>) = 1048576 [pid 504] <... close resumed>) = 0 [pid 495] +++ killed by SIGBUS +++ [pid 487] +++ killed by SIGBUS +++ [pid 297] <... close resumed>) = 0 [pid 295] rmdir("./9" [pid 505] munmap(0x7f511b6a9000, 138412032 [pid 504] close(4 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=487, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- ./strace-static-x86_64: Process 506 attached [pid 505] <... munmap resumed>) = 0 [pid 504] <... close resumed>) = 0 [pid 295] <... rmdir resumed>) = 0 [pid 506] set_robust_list(0x555556fc56a0, 24 [pid 505] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 504] mkdir("./file0", 0777 [pid 297] <... clone resumed>, child_tidptr=0x555556fc5690) = 506 [pid 506] <... set_robust_list resumed>) = 0 [pid 505] <... openat resumed>) = 4 [pid 504] <... mkdir resumed>) = 0 [pid 295] mkdir("./10", 0777 [pid 506] chdir("./9" [pid 505] ioctl(4, LOOP_SET_FD, 3 [pid 504] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 506] <... chdir resumed>) = 0 [pid 296] umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW [pid 295] <... mkdir resumed>) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 295] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 296] openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 295] <... openat resumed>) = 3 [pid 296] <... openat resumed>) = 3 [pid 295] ioctl(3, LOOP_CLR_FD [pid 296] newfstatat(3, "", [pid 295] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 295] close(3 [pid 296] getdents64(3, [pid 295] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 295] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 295] <... clone resumed>, child_tidptr=0x555556fc5690) = 507 [pid 296] newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./8/binderfs") = 0 [pid 296] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW./strace-static-x86_64: Process 507 attached [pid 506] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 505] <... ioctl resumed>) = 0 [pid 507] set_robust_list(0x555556fc56a0, 24) = 0 [pid 507] chdir("./10") = 0 [pid 507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 507] setpgid(0, 0) = 0 [pid 507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 507] write(3, "1000", 4) = 4 [pid 507] close(3) = 0 [pid 507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 296] <... umount2 resumed>) = 0 [pid 506] <... prctl resumed>) = 0 [pid 505] close(3 [pid 296] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./8/file0", [pid 507] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... mount resumed>) = 0 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 504] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 296] umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 504] <... openat resumed>) = 3 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 504] chdir("./file0" [pid 296] openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 504] <... chdir resumed>) = 0 [pid 296] <... openat resumed>) = 4 [pid 504] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] newfstatat(4, "", [pid 504] <... openat resumed>) = 4 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 507] <... futex resumed>) = 0 [pid 504] ioctl(4, LOOP_CLR_FD [pid 296] getdents64(4, [pid 504] <... ioctl resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 506] setpgid(0, 0 [pid 504] close(4 [pid 296] getdents64(4, [pid 507] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 505] <... close resumed>) = 0 [pid 504] <... close resumed>) = 0 [pid 507] <... rt_sigaction resumed>NULL, 8) = 0 [pid 505] close(4) = 0 [pid 504] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 505] mkdir("./file0", 0777) = 0 [pid 296] close(4 [pid 505] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 296] <... close resumed>) = 0 [pid 504] <... futex resumed>) = 1 [pid 503] <... futex resumed>) = 0 [pid 296] rmdir("./8/file0" [pid 504] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 503] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] getdents64(3, [pid 506] <... setpgid resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 506] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 504] <... open resumed>) = 4 [pid 296] close(3 [pid 506] <... openat resumed>) = 3 [pid 504] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... close resumed>) = 0 [pid 504] <... futex resumed>) = 1 [pid 503] <... futex resumed>) = 0 [pid 296] rmdir("./8" [pid 504] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] write(3, "1000", 4 [pid 503] <... futex resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 506] <... write resumed>) = 4 [pid 506] close(3 [pid 503] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... write resumed>) = 9 [pid 296] mkdir("./9", 0777 [pid 506] <... close resumed>) = 0 [pid 506] symlink("/dev/binderfs", "./binderfs") = 0 [pid 504] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... mkdir resumed>) = 0 [pid 504] <... futex resumed>) = 1 [pid 503] <... futex resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 504] creat("./bus", 000 [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 296] <... openat resumed>) = 3 [pid 506] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... creat resumed>) = 5 [pid 503] <... futex resumed>) = 0 [pid 296] ioctl(3, LOOP_CLR_FD [pid 506] <... futex resumed>) = 0 [pid 504] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 504] <... futex resumed>) = 0 [pid 503] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 296] close(3 [pid 504] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 506] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 503] <... futex resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 504] creat("./bus", 000 [pid 503] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 504] <... creat resumed>) = 6 [pid 506] <... rt_sigaction resumed>NULL, 8) = 0 [pid 506] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 504] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... mmap resumed>) = 0x7f5123aa9000 [pid 506] <... mmap resumed>) = 0x7f5123aa9000 [pid 504] <... futex resumed>) = 1 [pid 503] <... futex resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556fc5690) = 510 [pid 507] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 506] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 507] <... mprotect resumed>) = 0 [pid 506] <... mprotect resumed>) = 0 [pid 504] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] rt_sigprocmask(SIG_BLOCK, ~[], [pid 506] rt_sigprocmask(SIG_BLOCK, ~[], [pid 504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 503] <... futex resumed>) = 0 [pid 507] <... rt_sigprocmask resumed>[], 8) = 0 [pid 506] <... rt_sigprocmask resumed>[], 8) = 0 [pid 504] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 506] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 503] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... open resumed>) = 7 [pid 507] <... clone3 resumed> => {parent_tid=[511]}, 88) = 511 [pid 506] <... clone3 resumed> => {parent_tid=[512]}, 88) = 512 [pid 504] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] rt_sigprocmask(SIG_SETMASK, [], [pid 506] rt_sigprocmask(SIG_SETMASK, [], [pid 504] <... futex resumed>) = 1 [pid 506] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 504] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 503] <... futex resumed>) = 0 [pid 507] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = 0 [pid 503] <... futex resumed>) = 1 ./strace-static-x86_64: Process 510 attached [pid 507] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 506] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 504] <... futex resumed>) = 0 [pid 503] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] set_robust_list(0x555556fc56a0, 24 [pid 504] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 510] <... set_robust_list resumed>) = 0 [pid 504] <... mmap resumed>) = 0x20000000 [pid 504] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] chdir("./9" [pid 504] <... futex resumed>) = 1 [pid 503] <... futex resumed>) = 0 [pid 510] <... chdir resumed>) = 0 [pid 504] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 503] <... futex resumed>) = 0 [pid 504] ftruncate(6, 31 [pid 503] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 504] <... ftruncate resumed>) = 0 [pid 510] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 504] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] <... prctl resumed>) = 0 [pid 504] <... futex resumed>) = 1 [pid 503] <... futex resumed>) = 0 [pid 504] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 503] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 503] <... futex resumed>) = 0 [ 24.658098][ T504] loop3: detected capacity change from 0 to 2048 [ 24.666999][ T495] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.693538][ T505] loop4: detected capacity change from 0 to 2048 [pid 510] setpgid(0, 0) = 0 [pid 510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 510] write(3, "1000", 4) = 4 [pid 510] close(3) = 0 [pid 510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 510] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 510] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[513]}, 88) = 513 [pid 510] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 513 attached [pid 513] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 513] memfd_create("syzkaller", 0) = 3 [pid 513] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 513] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 513] munmap(0x7f511b6a9000, 138412032) = 0 [pid 513] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 513] ioctl(4, LOOP_SET_FD, 3./strace-static-x86_64: Process 512 attached ./strace-static-x86_64: Process 511 attached [pid 504] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 503] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] set_robust_list(0x7f5123ac99a0, 24 [pid 511] set_robust_list(0x7f5123ac99a0, 24 [pid 503] <... futex resumed>) = 0 [pid 512] <... set_robust_list resumed>) = 0 [pid 511] <... set_robust_list resumed>) = 0 [pid 503] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 512] rt_sigprocmask(SIG_SETMASK, [], [pid 511] rt_sigprocmask(SIG_SETMASK, [], [pid 503] <... mmap resumed>) = 0x7f5123a88000 [pid 512] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 503] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE [pid 512] memfd_create("syzkaller", 0 [pid 511] memfd_create("syzkaller", 0 [pid 503] <... mprotect resumed>) = 0 [pid 512] <... memfd_create resumed>) = 3 [pid 511] <... memfd_create resumed>) = 3 [pid 503] rt_sigprocmask(SIG_BLOCK, ~[], [pid 512] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0 [pid 503] <... rt_sigprocmask resumed>[], 8) = 0 [pid 512] <... mmap resumed>) = 0x7f511b6a9000 [pid 511] <... mmap resumed>) = 0x7f511b6a9000 [pid 503] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123aa8990, parent_tid=0x7f5123aa8990, exit_signal=0, stack=0x7f5123a88000, stack_size=0x20300, tls=0x7f5123aa86c0} [pid 513] <... ioctl resumed>) = 0 [pid 511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 512] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 511] <... write resumed>) = 1048576 [pid 503] <... clone3 resumed> ) = ? [pid 504] +++ killed by SIGBUS +++ [pid 503] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=503, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- [pid 298] restart_syscall(<... resuming interrupted clone ...> [pid 511] munmap(0x7f511b6a9000, 138412032 [pid 298] <... restart_syscall resumed>) = 0 [pid 298] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW [pid 513] close(3 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 298] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 513] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 513] close(4 [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 298] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 513] <... close resumed>) = 0 [pid 512] <... write resumed>) = 1048576 [pid 511] <... munmap resumed>) = 0 [pid 513] mkdir("./file0", 0777) = 0 [pid 512] munmap(0x7f511b6a9000, 138412032 [pid 513] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 512] <... munmap resumed>) = 0 [pid 512] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 298] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 512] <... openat resumed>) = 4 [pid 298] unlink("./9/binderfs" [pid 512] ioctl(4, LOOP_SET_FD, 3 [pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 505] <... mount resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 298] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 505] <... openat resumed>) = 3 [pid 505] chdir("./file0") = 0 [pid 505] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 505] ioctl(4, LOOP_CLR_FD) = 0 [pid 505] close(4 [pid 512] <... ioctl resumed>) = 0 [pid 511] <... openat resumed>) = 4 [pid 505] <... close resumed>) = 0 [pid 512] close(3) = 0 [pid 512] close(4) = 0 [pid 511] ioctl(4, LOOP_SET_FD, 3 [pid 512] mkdir("./file0", 0777 [pid 505] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 512] <... mkdir resumed>) = 0 [pid 512] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 511] <... ioctl resumed>) = 0 [pid 511] close(3) = 0 [pid 511] close(4) = 0 [pid 511] mkdir("./file0", 0777 [pid 298] <... umount2 resumed>) = 0 [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 505] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 502] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 511] <... mkdir resumed>) = 0 [pid 505] <... open resumed>) = 4 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 505] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 298] newfstatat(AT_FDCWD, "./9/file0", [pid 505] <... futex resumed>) = 1 [pid 502] <... futex resumed>) = 0 [pid 505] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 502] <... futex resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 505] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 502] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 298] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 511] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 505] <... write resumed>) = 9 [pid 505] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] creat("./bus", 000) = 5 [pid 505] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] creat("./bus", 000) = 6 [pid 505] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 502] <... futex resumed>) = 0 [pid 505] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... open resumed>) = 7 [pid 502] <... futex resumed>) = 0 [pid 505] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 0 [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 505] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... mmap resumed>) = 0x20000000 [pid 502] <... futex resumed>) = 0 [pid 505] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 0 [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 505] ftruncate(6, 31 [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... ftruncate resumed>) = 0 [pid 502] <... futex resumed>) = 0 [pid 505] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 502] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... futex resumed>) = 0 [pid 502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [ 24.729414][ T504] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.741324][ T513] loop1: detected capacity change from 0 to 2048 [ 24.762232][ T512] loop2: detected capacity change from 0 to 2048 [ 24.770163][ T511] loop0: detected capacity change from 0 to 2048 [pid 502] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 502] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 298] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] close(4) = 0 [pid 298] rmdir("./9/file0") = 0 [pid 298] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 298] close(3) = 0 [pid 298] rmdir("./9") = 0 [pid 298] mkdir("./10", 0777) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 3 [pid 513] <... mount resumed>) = 0 [pid 512] <... mount resumed>) = 0 [pid 505] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 502] <... mmap resumed>) = 0x7f5123a88000 [pid 298] ioctl(3, LOOP_CLR_FD [pid 513] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 512] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 505] +++ killed by SIGBUS +++ [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 513] <... openat resumed>) = 3 [pid 513] chdir("./file0") = 0 [pid 513] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 513] ioctl(4, LOOP_CLR_FD) = 0 [pid 513] close(4) = 0 [pid 512] <... openat resumed>) = 3 [pid 502] +++ killed by SIGBUS +++ [pid 298] close(3) = 0 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=502, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 512] chdir("./file0" [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 512] <... chdir resumed>) = 0 [pid 299] <... restart_syscall resumed>) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 520 [pid 512] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 512] ioctl(4, LOOP_CLR_FD [pid 299] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW [pid 512] <... ioctl resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 512] close(4 [pid 299] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 512] <... close resumed>) = 0 [pid 299] <... openat resumed>) = 3 [pid 512] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(3, "", [pid 512] <... futex resumed>) = 1 [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 512] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 299] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 299] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] unlink("./10/binderfs") = 0 [pid 299] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 506] <... futex resumed>) = 0 [pid 513] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 510] <... futex resumed>) = 0 [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 512] <... futex resumed>) = 0 [pid 510] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = 1 [pid 510] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... open resumed>) = 4 [pid 512] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000./strace-static-x86_64: Process 520 attached [pid 513] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] <... open resumed>) = 4 [pid 520] set_robust_list(0x555556fc56a0, 24) = 0 [pid 520] chdir("./10") = 0 [pid 520] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 520] setpgid(0, 0) = 0 [pid 520] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 520] write(3, "1000", 4) = 4 [pid 520] close(3) = 0 [pid 520] symlink("/dev/binderfs", "./binderfs") = 0 [pid 520] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 520] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 513] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 512] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 512] <... futex resumed>) = 1 [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 510] <... futex resumed>) = 0 [pid 510] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... write resumed>) = 9 [pid 512] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 520] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 520] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 520] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 513] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = 0 [pid 513] <... futex resumed>) = 1 [pid 512] <... write resumed>) = 9 [pid 510] <... futex resumed>) = 0 [pid 506] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 510] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] creat("./bus", 000 [pid 512] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 513] <... creat resumed>) = 5 [pid 512] <... futex resumed>) = 1 [pid 506] <... futex resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 513] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] newfstatat(AT_FDCWD, "./10/file0", [pid 520] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[522]}, 88) = 522 [pid 520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 520] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 522 attached [pid 522] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 522] rt_sigprocmask(SIG_SETMASK, [], [pid 513] <... futex resumed>) = 1 [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 506] <... futex resumed>) = 0 [pid 513] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] creat("./bus", 000 [pid 510] <... futex resumed>) = 0 [pid 506] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 512] <... creat resumed>) = 5 [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 513] <... futex resumed>) = 0 [pid 512] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] <... futex resumed>) = 1 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 513] creat("./bus", 000 [pid 512] <... futex resumed>) = 1 [pid 510] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] <... futex resumed>) = 0 [pid 299] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 513] <... creat resumed>) = 6 [pid 512] creat("./bus", 000 [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... openat resumed>) = 4 [pid 513] <... futex resumed>) = 1 [pid 512] <... creat resumed>) = 6 [pid 510] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = 0 [pid 299] newfstatat(4, "", [pid 513] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 0 [pid 510] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 299] getdents64(4, [pid 513] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 512] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... open resumed>) = 7 [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 506] <... futex resumed>) = 0 [pid 513] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 506] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 513] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 512] <... open resumed>) = 7 [pid 513] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] getdents64(4, [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = 0 [pid 299] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 513] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 512] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] close(4 [pid 513] <... mmap resumed>) = 0x20000000 [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 506] <... futex resumed>) = 0 [pid 299] <... close resumed>) = 0 [pid 513] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 506] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 299] rmdir("./10/file0" [pid 522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 513] <... futex resumed>) = 1 [pid 512] <... mmap resumed>) = 0x20000000 [pid 510] <... futex resumed>) = 0 [pid 513] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = 0 [pid 513] ftruncate(6, 31 [pid 512] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 510] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 513] <... ftruncate resumed>) = 0 [pid 512] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 506] <... futex resumed>) = 0 [pid 513] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 512] ftruncate(6, 31 [pid 506] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 513] <... futex resumed>) = 1 [pid 512] <... ftruncate resumed>) = 0 [pid 510] <... futex resumed>) = 0 [pid 513] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 512] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 299] <... rmdir resumed>) = 0 [pid 513] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 512] <... futex resumed>) = 1 [pid 510] <... futex resumed>) = 0 [pid 506] <... futex resumed>) = 0 [pid 299] getdents64(3, [ 24.785180][ T505] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 522] memfd_create("syzkaller", 0) = 3 [pid 522] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 522] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 522] munmap(0x7f511b6a9000, 138412032) = 0 [pid 522] openat(AT_FDCWD, "/dev/loop3", O_RDWR) = 4 [pid 522] ioctl(4, LOOP_SET_FD, 3 [pid 510] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... ioctl resumed>) = 0 [pid 522] close(3) = 0 [pid 522] close(4) = 0 [pid 522] mkdir("./file0", 0777) = 0 [pid 522] mount("/dev/loop3", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 513] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 299] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./10") = 0 [pid 299] mkdir("./11", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 524 ./strace-static-x86_64: Process 524 attached [pid 524] set_robust_list(0x555556fc56a0, 24) = 0 [pid 506] <... futex resumed>) = 0 [pid 506] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 510] <... futex resumed>) = ? [pid 513] +++ killed by SIGBUS +++ [pid 506] <... futex resumed>) = 0 [pid 524] chdir("./11" [pid 510] +++ killed by SIGBUS +++ [pid 506] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=510, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 524] <... chdir resumed>) = 0 [pid 524] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 296] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 524] <... prctl resumed>) = 0 [pid 524] setpgid(0, 0) = 0 [pid 524] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 524] write(3, "1000", 4) = 4 [pid 296] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./9/binderfs") = 0 [pid 296] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 512] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 506] <... mmap resumed>) = 0x7f5123a88000 [pid 506] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 506] rt_sigprocmask(SIG_BLOCK, ~[], [pid 524] close(3) = 0 [pid 524] symlink("/dev/binderfs", "./binderfs") = 0 [pid 524] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... mount resumed>) = 0 [pid 511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 511] chdir("./file0") = 0 [pid 511] openat(AT_FDCWD, "/dev/loop0", O_RDWR [pid 506] <... rt_sigprocmask resumed> ) = ? [pid 511] <... openat resumed>) = 4 [pid 511] ioctl(4, LOOP_CLR_FD) = 0 [pid 511] close(4 [pid 524] <... futex resumed>) = 0 [pid 512] +++ killed by SIGBUS +++ [pid 511] <... close resumed>) = 0 [pid 506] +++ killed by SIGBUS +++ [pid 511] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=506, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- [pid 511] <... futex resumed>) = 1 [pid 511] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 297] umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 297] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 297] umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] unlink("./9/binderfs") = 0 [pid 297] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 524] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] <... rt_sigaction resumed>NULL, 8) = 0 [pid 524] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 524] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 524] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 524] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[527]}, 88) = 527 [pid 524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 527 attached [pid 527] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 527] memfd_create("syzkaller", 0) = 3 [pid 527] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 296] <... umount2 resumed>) = 0 [pid 507] <... futex resumed>) = 1 [pid 511] <... futex resumed>) = 0 [pid 511] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 507] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] <... open resumed>) = 4 [pid 296] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 296] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 296] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 296] close(4) = 0 [pid 296] rmdir("./9/file0") = 0 [pid 296] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 296] close(3) = 0 [pid 296] rmdir("./9") = 0 [pid 296] mkdir("./10", 0777 [pid 522] <... mount resumed>) = 0 [pid 296] <... mkdir resumed>) = 0 [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 3 [pid 296] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 296] close(3) = 0 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 511] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 296] <... clone resumed>, child_tidptr=0x555556fc5690) = 528 ./strace-static-x86_64: Process 528 attached [pid 528] set_robust_list(0x555556fc56a0, 24) = 0 [pid 528] chdir("./10") = 0 [pid 528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 528] setpgid(0, 0) = 0 [pid 528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 528] write(3, "1000", 4) = 4 [pid 528] close(3) = 0 [pid 528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 528] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 528] <... futex resumed>) = 0 [pid 528] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 528] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 507] <... futex resumed>) = 0 [pid 528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 507] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 511] <... write resumed>) = 9 [pid 522] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 528] <... clone3 resumed> => {parent_tid=[529]}, 88) = 529 [pid 528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 528] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 529 attached [pid 511] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... openat resumed>) = 3 [pid 511] <... futex resumed>) = 1 [pid 507] <... futex resumed>) = 0 [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] creat("./bus", 000 [pid 522] chdir("./file0" [pid 529] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 529] memfd_create("syzkaller", 0) = 3 [pid 529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 507] <... futex resumed>) = 0 [pid 511] <... creat resumed>) = 5 [pid 507] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... chdir resumed>) = 0 [pid 511] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 511] <... futex resumed>) = 1 [pid 507] <... futex resumed>) = 0 [pid 522] <... openat resumed>) = 4 [pid 511] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 522] ioctl(4, LOOP_CLR_FD [pid 507] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... ioctl resumed>) = 0 [pid 511] creat("./bus", 000) = 6 [pid 522] close(4 [pid 511] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 511] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 522] <... close resumed>) = 0 [pid 507] <... futex resumed>) = 0 [pid 511] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 507] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] <... open resumed>) = 7 [pid 522] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = 1 [pid 520] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = 1 [pid 507] <... futex resumed>) = 0 [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 511] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] <... futex resumed>) = 0 [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 520] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 507] <... futex resumed>) = 0 [pid 522] <... open resumed>) = 4 [pid 511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 507] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 522] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] <... mmap resumed>) = 0x20000000 [pid 511] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 511] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 522] <... futex resumed>) = 1 [pid 520] <... futex resumed>) = 0 [pid 511] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 511] ftruncate(6, 31 [pid 507] <... futex resumed>) = 0 [pid 520] <... futex resumed>) = 0 [pid 507] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 520] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 511] <... ftruncate resumed>) = 0 [pid 511] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 522] <... write resumed>) = 9 [pid 507] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123a88000 [pid 507] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123aa8990, parent_tid=0x7f5123aa8990, exit_signal=0, stack=0x7f5123a88000, stack_size=0x20300, tls=0x7f5123aa86c0} => {parent_tid=[530]}, 88) = 530 [pid 507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 507] futex(0x7f5123b95718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 24.840183][ T513] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.851699][ T522] loop3: detected capacity change from 0 to 2048 [ 24.855376][ T512] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 507] futex(0x7f5123b9571c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 529] munmap(0x7f511b6a9000, 138412032) = 0 [pid 529] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 529] ioctl(4, LOOP_SET_FD, 3 [pid 522] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = 0 [pid 522] <... futex resumed>) = 1 [pid 520] <... futex resumed>) = 0 [pid 297] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 522] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] <... futex resumed>) = 0 [pid 522] creat("./bus", 000 [pid 520] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] <... ioctl resumed>) = 0 [pid 529] close(3 [pid 522] <... creat resumed>) = 5 [pid 529] <... close resumed>) = 0 [pid 522] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] close(4 [pid 522] <... futex resumed>) = 1 [pid 520] <... futex resumed>) = 0 [pid 522] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] <... futex resumed>) = 0 [pid 522] creat("./bus", 000 [pid 520] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] <... close resumed>) = 0 [pid 522] <... creat resumed>) = 6 [pid 529] mkdir("./file0", 0777 [pid 522] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 522] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] <... futex resumed>) = 0 [pid 522] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 520] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... open resumed>) = 7 [pid 522] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 522] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] <... futex resumed>) = 0 [pid 520] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 522] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] <... futex resumed>) = 0 [pid 522] ftruncate(6, 31 [pid 520] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 522] <... ftruncate resumed>) = 0 [pid 522] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 520] <... futex resumed>) = 0 [pid 522] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 520] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 522] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 520] <... futex resumed>) = 0 [pid 529] <... mkdir resumed>) = 0 [pid 529] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 527] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 527] munmap(0x7f511b6a9000, 138412032) = 0 [pid 527] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 4 [pid 527] ioctl(4, LOOP_SET_FD, 3 [pid 520] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 520] <... futex resumed>) = 0 [pid 297] newfstatat(AT_FDCWD, "./9/file0", [pid 520] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 527] <... ioctl resumed>) = 0 [pid 527] close(3) = 0 [pid 527] close(4) = 0 [pid 527] mkdir("./file0", 0777 [pid 297] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 297] umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 297] openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 297] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 297] getdents64(4, [pid 527] <... mkdir resumed>) = 0 [pid 297] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 527] mount("/dev/loop4", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 297] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 297] close(4) = 0 [pid 297] rmdir("./9/file0"./strace-static-x86_64: Process 530 attached ) = 0 [pid 297] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 530] set_robust_list(0x7f5123aa89a0, 24 [pid 297] close(3 [pid 530] <... set_robust_list resumed>) = 0 [pid 530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 297] <... close resumed>) = 0 [pid 297] rmdir("./9" [pid 530] ioctl(-1, TIOCMBIC, [0]) = -1 EBADF (Bad file descriptor) [pid 530] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 507] <... futex resumed>) = 0 [pid 530] futex(0x7f5123b95718, FUTEX_WAIT_PRIVATE, 0, NULL [pid 511] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 297] <... rmdir resumed>) = 0 [pid 530] <... futex resumed>) = ? [pid 530] +++ killed by SIGBUS +++ [pid 297] mkdir("./10", 0777 [pid 529] <... mount resumed>) = 0 [pid 527] <... mount resumed>) = 0 [pid 522] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 520] <... mmap resumed>) = 0x7f5123a88000 [pid 529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 527] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [ 24.911358][ T511] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.915120][ T529] loop1: detected capacity change from 0 to 2048 [ 24.935188][ T522] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.942108][ T527] loop4: detected capacity change from 0 to 2048 [ 24.971314][ T511] ------------[ cut here ]------------ [ 24.976605][ T511] kernel BUG at fs/ext4/inode.c:2749! [ 24.979898][ T529] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 24.993637][ T511] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 25.000599][ T527] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, [ 25.002398][ T511] CPU: 1 PID: 511 Comm: syz-executor261 Not tainted 6.1.75-syzkaller-00037-gdcb09569bbff #0 [pid 520] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE [pid 529] <... openat resumed>) = 3 [pid 527] <... openat resumed>) = 3 [pid 520] <... mprotect resumed>) = ? [pid 297] <... mkdir resumed>) = 0 [pid 522] +++ killed by SIGBUS +++ [pid 520] +++ killed by SIGBUS +++ [pid 298] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=520, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- [pid 298] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 298] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 529] chdir("./file0" [pid 298] newfstatat(3, "", [pid 529] <... chdir resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 529] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] getdents64(3, [pid 529] <... openat resumed>) = 4 [pid 298] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 529] ioctl(4, LOOP_CLR_FD [pid 298] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 529] <... ioctl resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 529] close(4 [pid 298] newfstatat(AT_FDCWD, "./10/binderfs", [pid 529] <... close resumed>) = 0 [pid 298] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 529] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] chdir("./file0" [pid 298] unlink("./10/binderfs" [pid 529] <... futex resumed>) = 1 [pid 528] <... futex resumed>) = 0 [pid 527] <... chdir resumed>) = 0 [pid 298] <... unlink resumed>) = 0 [pid 529] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] openat(AT_FDCWD, "/dev/loop4", O_RDWR [pid 298] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 529] <... open resumed>) = 4 [pid 528] <... futex resumed>) = 0 [pid 527] <... openat resumed>) = 4 [pid 529] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] ioctl(4, LOOP_CLR_FD [pid 529] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 527] <... ioctl resumed>) = 0 [pid 529] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] close(4 [pid 529] <... write resumed>) = 9 [pid 528] <... futex resumed>) = 0 [pid 527] <... close resumed>) = 0 [pid 529] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] creat("./bus", 000 [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 1 [pid 524] <... futex resumed>) = 0 [pid 529] <... creat resumed>) = 5 [pid 528] <... futex resumed>) = 0 [pid 527] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... open resumed>) = 4 [pid 524] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 527] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] creat("./bus", 000 [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] <... creat resumed>) = 6 [pid 528] <... futex resumed>) = 0 [pid 527] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... write resumed>) = 9 [pid 524] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 527] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] <... open resumed>) = 7 [pid 528] <... futex resumed>) = 0 [pid 527] creat("./bus", 000 [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... creat resumed>) = 5 [pid 524] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 527] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] <... mmap resumed>) = 0x20000000 [pid 528] <... futex resumed>) = 0 [pid 527] creat("./bus", 000 [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... creat resumed>) = 6 [pid 524] <... futex resumed>) = 0 [pid 529] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 527] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] ftruncate(6, 31 [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 529] <... ftruncate resumed>) = 0 [pid 528] <... futex resumed>) = 0 [pid 527] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 529] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... open resumed>) = 7 [pid 524] <... futex resumed>) = 0 [pid 297] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 529] <... futex resumed>) = 0 [pid 528] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 527] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 524] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 528] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = 0 [pid 524] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 297] <... openat resumed>) = 3 [pid 529] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 528] <... futex resumed>) = 0 [pid 527] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 528] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 524] <... futex resumed>) = 0 [pid 297] ioctl(3, LOOP_CLR_FD [pid 528] <... futex resumed>) = 0 [pid 527] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 524] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 297] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 527] <... mmap resumed>) = 0x20000000 [pid 297] close(3 [pid 527] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 297] <... close resumed>) = 0 [pid 527] <... futex resumed>) = 1 [pid 524] <... futex resumed>) = 0 [pid 297] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 527] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 524] <... futex resumed>) = 0 [pid 527] ftruncate(6, 31 [pid 524] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 527] <... ftruncate resumed>) = 0 [pid 297] <... clone resumed>, child_tidptr=0x555556fc5690) = 536 [pid 527] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 524] <... futex resumed>) = 0 [pid 527] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 524] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 527] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 524] <... futex resumed>) = 0 [pid 524] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 524] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 536 attached [pid 536] set_robust_list(0x555556fc56a0, 24) = 0 [pid 536] chdir("./10") = 0 [pid 536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 536] setpgid(0, 0) = 0 [pid 536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 536] write(3, "1000", 4) = 4 [pid 536] close(3) = 0 [pid 536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 536] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 536] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[537]}, 88) = 537 [pid 536] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 537 attached [pid 537] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 537] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 537] memfd_create("syzkaller", 0) = 3 [pid 537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 528] <... mmap resumed>) = 0x7f5123a88000 [pid 528] mprotect(0x7f5123a89000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123aa8990, parent_tid=0x7f5123aa8990, exit_signal=0, stack=0x7f5123a88000, stack_size=0x20300, tls=0x7f5123aa86c0} => {parent_tid=[538]}, 88) = 538 [pid 528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 528] futex(0x7f5123b95718, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 528] futex(0x7f5123b9571c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 529] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 537] munmap(0x7f511b6a9000, 138412032) = 0 [pid 537] openat(AT_FDCWD, "/dev/loop2", O_RDWR) = 4 [pid 537] ioctl(4, LOOP_SET_FD, 3 [pid 528] <... futex resumed>) = ? [pid 529] +++ killed by SIGBUS +++ ./strace-static-x86_64: Process 538 attached [pid 538] +++ killed by SIGBUS +++ [pid 528] +++ killed by SIGBUS +++ [ 25.002417][ T511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 25.002426][ T511] RIP: 0010:ext4_writepages+0x3fab/0x3fd0 [ 25.010466][ T527] block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.020362][ T511] Code: 43 81 ff 31 ff 89 de e8 23 43 81 ff 45 84 f6 75 2a e8 89 40 81 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 75 40 81 ff <0f> 0b e8 6e 40 81 ff e8 55 62 0c ff e9 46 c3 ff ff e8 5f 40 81 ff [ 25.020375][ T511] RSP: 0018:ffffc90001437000 EFLAGS: 00010293 [pid 296] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=528, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- [pid 296] restart_syscall(<... resuming interrupted clone ...>) = 0 [pid 296] umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [pid 296] newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] getdents64(3, 0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 296] umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 296] newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] unlink("./10/binderfs") = 0 [pid 296] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 537] <... ioctl resumed>) = 0 [pid 537] close(3) = 0 [pid 537] close(4) = 0 [pid 537] mkdir("./file0", 0777) = 0 [ 25.020389][ T511] RAX: ffffffff81f41dab RBX: 0000008000000000 RCX: ffff8881184dbcc0 [ 25.020399][ T511] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 25.020408][ T511] RBP: ffffc90001437410 R08: ffffffff81f3e50b R09: ffffed10200b439e [ 25.020418][ T511] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888119420000 [ 25.020427][ T511] R13: ffff8881005a1e28 R14: 0000009410000000 R15: ffffc900014372e0 [ 25.020437][ T511] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.020449][ T511] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 25.020461][ T511] CR2: 0000000020000280 CR3: 000000010fc6e000 CR4: 00000000003506a0 [ 25.020474][ T511] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.020484][ T511] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.060490][ T537] loop2: detected capacity change from 0 to 2048 [ 25.064194][ T511] Call Trace: [ 25.064202][ T511] [ 25.064209][ T511] ? __die_body+0x62/0xb0 [ 25.064232][ T511] ? die+0x88/0xb0 [ 25.064246][ T511] ? do_trap+0x103/0x330 [ 25.064266][ T511] ? ext4_writepages+0x3fab/0x3fd0 [ 25.064285][ T511] ? handle_invalid_op+0x95/0xc0 [ 25.064304][ T511] ? ext4_writepages+0x3fab/0x3fd0 [ 25.186414][ T511] ? exc_invalid_op+0x32/0x50 [ 25.190916][ T511] ? asm_exc_invalid_op+0x1b/0x20 [ 25.195775][ T511] ? ext4_writepages+0x70b/0x3fd0 [ 25.200632][ T511] ? ext4_writepages+0x3fab/0x3fd0 [ 25.205581][ T511] ? ext4_writepages+0x3fab/0x3fd0 [ 25.210530][ T511] ? is_bpf_text_address+0x172/0x190 [ 25.215648][ T511] ? is_module_text_address+0x1a0/0x360 [ 25.221036][ T511] ? stack_trace_save+0x1c0/0x1c0 [ 25.225904][ T511] ? ext4_read_folio+0x240/0x240 [ 25.230672][ T511] ? is_bpf_text_address+0x172/0x190 [ 25.235792][ T511] ? is_module_text_address+0x1a0/0x360 [ 25.241168][ T511] ? ext4_read_folio+0x240/0x240 [ 25.245950][ T511] do_writepages+0x385/0x620 [ 25.250365][ T511] ? __writepage+0x130/0x130 [ 25.254791][ T511] ? arch_stack_walk+0xf3/0x140 [ 25.259482][ T511] ? _raw_spin_unlock+0x4c/0x70 [ 25.264167][ T511] filemap_fdatawrite_wbc+0x153/0x1b0 [ 25.269375][ T511] filemap_flush+0x11a/0x170 [ 25.273803][ T511] ? locks_remove_posix+0x610/0x610 [ 25.278834][ T511] ? filemap_fdatawrite_range+0x1e0/0x1e0 [ 25.284390][ T511] ? do_group_exit+0x21a/0x2d0 [ 25.288992][ T511] ext4_alloc_da_blocks+0x77/0x1a0 [ 25.293940][ T511] ext4_release_file+0x84/0x310 [ 25.298633][ T511] ? ext4_file_open+0x750/0x750 [ 25.303310][ T511] __fput+0x3ab/0x870 [ 25.307137][ T511] ____fput+0x15/0x20 [ 25.310950][ T511] task_work_run+0x24d/0x2e0 [ 25.315636][ T511] ? task_work_cancel+0x2b0/0x2b0 [ 25.320498][ T511] ? __kasan_check_write+0x14/0x20 [ 25.325442][ T511] ? exit_task_namespaces+0xc2/0xd0 [ 25.330476][ T511] do_exit+0xbd5/0x2b80 [ 25.334470][ T511] ? put_task_struct+0x80/0x80 [ 25.339069][ T511] ? memset+0x35/0x40 [ 25.342891][ T511] do_group_exit+0x21a/0x2d0 [ 25.347317][ T511] get_signal+0x169d/0x1820 [ 25.351654][ T511] ? kick_process+0xde/0x150 [ 25.356082][ T511] ? ptrace_notify+0x350/0x350 [ 25.360686][ T511] ? __send_signal_locked+0x64c/0xc30 [ 25.365890][ T511] arch_do_signal_or_restart+0xb0/0x16f0 [ 25.371363][ T511] ? send_signal_locked+0x43a/0x590 [ 25.376391][ T511] ? _raw_spin_unlock_irqrestore+0x5b/0x80 [ 25.382126][ T511] ? force_sig_info_to_task+0x31c/0x440 [ 25.387504][ T511] ? get_sigframe_size+0x10/0x10 [ 25.392279][ T511] ? page_fault_oops+0xa90/0xa90 [ 25.397052][ T511] exit_to_user_mode_loop+0x74/0xa0 [ 25.402084][ T511] exit_to_user_mode_prepare+0x5a/0xa0 [ 25.407465][ T511] irqentry_exit_to_user_mode+0x9/0x20 [ 25.412776][ T511] irqentry_exit+0x12/0x40 [ 25.417022][ T511] exc_page_fault+0x4f3/0x700 [ 25.421530][ T511] asm_exc_page_fault+0x27/0x30 [ 25.426300][ T511] RIP: 0033:0x7f5123ad4ba8 [ 25.430550][ T511] Code: Unable to access opcode bytes at 0x7f5123ad4b7e. [ 25.437496][ T511] RSP: 002b:00007f5123ac9220 EFLAGS: 00010213 [ 25.443431][ T511] RAX: 00007f5123ad4ba8 RBX: 00007f5123b95708 RCX: 00007f5123b0ce09 [ 25.451208][ T511] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5123b9570c [ 25.459107][ T511] RBP: 00007f5123b95700 R08: 0000000000000000 R09: 0000000000000000 [pid 537] mount("/dev/loop2", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 298] <... umount2 resumed>) = 0 [pid 298] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] <... umount2 resumed>) = 0 [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [ 25.466922][ T511] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f5123b6182c [ 25.474754][ T511] R13: 00007f5123b610c0 R14: 0000000020000fc0 R15: 0030656c69662f2e [ 25.482644][ T511] [ 25.485607][ T511] Modules linked in: [ 25.492042][ T511] ---[ end trace 0000000000000000 ]--- [ 25.502660][ T511] RIP: 0010:ext4_writepages+0x3fab/0x3fd0 [pid 527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000600} --- [pid 298] newfstatat(AT_FDCWD, "./10/file0", [pid 296] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 296] newfstatat(AT_FDCWD, "./10/file0", [pid 298] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 298] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 296] umount2("./10/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 298] <... openat resumed>) = 4 [pid 296] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 298] newfstatat(4, "", [pid 296] openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 298] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 296] <... openat resumed>) = 4 [pid 298] getdents64(4, [pid 296] newfstatat(4, "", [pid 298] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 296] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 298] getdents64(4, [pid 296] getdents64(4, [pid 298] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 2 entries */, 32768) = 48 [pid 298] close(4 [pid 296] getdents64(4, [pid 298] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fce770 /* 0 entries */, 32768) = 0 [pid 298] rmdir("./10/file0" [pid 296] close(4 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 298] getdents64(3, [pid 296] rmdir("./10/file0" [pid 298] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] close(3 [pid 296] getdents64(3, [pid 298] <... close resumed>) = 0 [pid 296] <... getdents64 resumed>0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 298] rmdir("./10" [pid 296] close(3 [pid 298] <... rmdir resumed>) = 0 [pid 296] <... close resumed>) = 0 [pid 298] mkdir("./11", 0777 [pid 296] rmdir("./10" [pid 298] <... mkdir resumed>) = 0 [pid 296] <... rmdir resumed>) = 0 [pid 298] openat(AT_FDCWD, "/dev/loop3", O_RDWR [pid 296] mkdir("./11", 0777 [pid 298] <... openat resumed>) = 3 [pid 296] <... mkdir resumed>) = 0 [pid 298] ioctl(3, LOOP_CLR_FD [pid 296] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 298] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 296] <... openat resumed>) = 3 [pid 298] close(3 [pid 296] ioctl(3, LOOP_CLR_FD [pid 298] <... close resumed>) = 0 [pid 296] <... ioctl resumed>) = -1 ENXIO (No such device or address) [pid 298] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD [pid 296] close(3) = 0 [pid 298] <... clone resumed>, child_tidptr=0x555556fc5690) = 539 [pid 296] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 540 ./strace-static-x86_64: Process 540 attached [pid 540] set_robust_list(0x555556fc56a0, 24) = 0 [pid 540] chdir("./11") = 0 [pid 540] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 540] setpgid(0, 0) = 0 [pid 540] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 540] write(3, "1000", 4) = 4 [pid 540] close(3) = 0 [pid 540] symlink("/dev/binderfs", "./binderfs") = 0 [pid 540] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 540] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, NULL, 8) = 0 [pid 540] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 527] +++ killed by SIGBUS +++ [pid 524] <... mmap resumed>) = ? [pid 540] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 540] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f5123aa9000 [pid 540] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 540] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 540] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} => {parent_tid=[541]}, 88) = 541 [pid 540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 540] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 540] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 541 attached [pid 541] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 541] memfd_create("syzkaller", 0) = 3 [pid 524] +++ killed by SIGBUS +++ [pid 541] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 299] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=524, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5} --- ./strace-static-x86_64: Process 539 attached [pid 299] restart_syscall(<... resuming interrupted clone ...> [pid 539] set_robust_list(0x555556fc56a0, 24) = 0 [pid 541] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 299] <... restart_syscall resumed>) = 0 [pid 539] chdir("./11" [pid 299] umount2("./11", MNT_FORCE|UMOUNT_NOFOLLOW [pid 539] <... chdir resumed>) = 0 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 539] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 541] <... write resumed>) = 1048576 [pid 539] <... prctl resumed>) = 0 [pid 299] openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY [pid 541] munmap(0x7f511b6a9000, 138412032) = 0 [pid 541] openat(AT_FDCWD, "/dev/loop1", O_RDWR [pid 539] setpgid(0, 0 [pid 541] <... openat resumed>) = 4 [pid 541] ioctl(4, LOOP_SET_FD, 3 [pid 299] <... openat resumed>) = 3 [pid 539] <... setpgid resumed>) = 0 [pid 299] newfstatat(3, "", [pid 539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 299] <... newfstatat resumed>{st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 539] <... openat resumed>) = 3 [pid 299] getdents64(3, [pid 541] <... ioctl resumed>) = 0 [pid 541] close(3) = 0 [pid 541] close(4) = 0 [pid 541] mkdir("./file0", 0777) = 0 [pid 541] mount("/dev/loop1", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue" [pid 539] write(3, "1000", 4 [pid 299] <... getdents64 resumed>0x555556fc6730 /* 4 entries */, 32768) = 112 [pid 539] <... write resumed>) = 4 [pid 299] umount2("./11/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW [pid 539] close(3 [pid 299] <... umount2 resumed>) = -1 EINVAL (Invalid argument) [pid 539] <... close resumed>) = 0 [pid 299] newfstatat(AT_FDCWD, "./11/binderfs", [pid 539] symlink("/dev/binderfs", "./binderfs" [pid 299] <... newfstatat resumed>{st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 539] <... symlink resumed>) = 0 [pid 299] unlink("./11/binderfs" [pid 539] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... mount resumed>) = 0 [pid 299] <... unlink resumed>) = 0 [pid 539] <... futex resumed>) = 0 [pid 537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY [pid 299] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW [pid 539] rt_sigaction(SIGRT_1, {sa_handler=0x7f5123b33220, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f5123b243d0}, [pid 537] <... openat resumed>) = 3 [pid 539] <... rt_sigaction resumed>NULL, 8) = 0 [pid 537] chdir("./file0" [pid 539] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 537] <... chdir resumed>) = 0 [pid 539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 537] openat(AT_FDCWD, "/dev/loop2", O_RDWR [pid 539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 537] <... openat resumed>) = 4 [pid 539] <... mmap resumed>) = 0x7f5123aa9000 [pid 537] ioctl(4, LOOP_CLR_FD [pid 539] mprotect(0x7f5123aaa000, 131072, PROT_READ|PROT_WRITE [pid 537] <... ioctl resumed>) = 0 [pid 539] <... mprotect resumed>) = 0 [pid 537] close(4 [pid 539] rt_sigprocmask(SIG_BLOCK, ~[], [pid 537] <... close resumed>) = 0 [pid 539] <... rt_sigprocmask resumed>[], 8) = 0 [pid 537] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f5123ac9990, parent_tid=0x7f5123ac9990, exit_signal=0, stack=0x7f5123aa9000, stack_size=0x20300, tls=0x7f5123ac96c0} [pid 537] <... futex resumed>) = 1 [pid 536] <... futex resumed>) = 0 [pid 537] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 539] <... clone3 resumed> => {parent_tid=[544]}, 88) = 544 [pid 537] <... open resumed>) = 4 [pid 536] <... futex resumed>) = 0 [pid 539] rt_sigprocmask(SIG_SETMASK, [], [pid 537] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 537] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 539] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 539] <... futex resumed>) = 0 [pid 537] <... write resumed>) = 9 [pid 539] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 537] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 537] creat("./bus", 000 [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... creat resumed>) = 5 [pid 536] <... futex resumed>) = 0 [pid 537] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 25.508952][ T511] Code: 43 81 ff 31 ff 89 de e8 23 43 81 ff 45 84 f6 75 2a e8 89 40 81 ff 49 bc 00 00 00 00 00 fc ff df e9 6e f6 ff ff e8 75 40 81 ff <0f> 0b e8 6e 40 81 ff e8 55 62 0c ff e9 46 c3 ff ff e8 5f 40 81 ff [ 25.531846][ T511] RSP: 0018:ffffc90001437000 EFLAGS: 00010293 [ 25.539677][ T511] RAX: ffffffff81f41dab RBX: 0000008000000000 RCX: ffff8881184dbcc0 [ 25.540821][ T541] loop1: detected capacity change from 0 to 2048 [ 25.555183][ T511] RDX: 0000000000000000 RSI: 0000008000000000 RDI: 0000000000000000 [ 25.563171][ T511] RBP: ffffc90001437410 R08: ffffffff81f3e50b R09: ffffed10200b439e [pid 536] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] creat("./bus", 000) = 6 [pid 537] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 537] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... open resumed>) = 7 [pid 536] <... futex resumed>) = 0 [pid 537] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... mmap resumed>) = 0x20000000 [pid 536] <... futex resumed>) = 0 [pid 537] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 536] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... futex resumed>) = 0 [pid 536] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 537] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 536] <... futex resumed>) = 0 [pid 537] ftruncate(6, 31 [pid 536] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 537] <... ftruncate resumed>) = 0 [pid 537] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 536] <... futex resumed>) = 0 [pid 537] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 536] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 537] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 536] <... futex resumed>) = 0 [pid 536] futex(0x7f5123b9571c, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0./strace-static-x86_64: Process 544 attached [pid 544] set_robust_list(0x7f5123ac99a0, 24) = 0 [pid 544] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 544] memfd_create("syzkaller", 0) = 3 [pid 544] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f511b6a9000 [pid 299] <... umount2 resumed>) = 0 [pid 299] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [pid 299] umount2("./11/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [pid 299] openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [pid 299] newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [pid 299] getdents64(4, 0x555556fce770 /* 2 entries */, 32768) = 48 [pid 299] getdents64(4, 0x555556fce770 /* 0 entries */, 32768) = 0 [pid 299] close(4) = 0 [pid 299] rmdir("./11/file0") = 0 [pid 299] getdents64(3, 0x555556fc6730 /* 0 entries */, 32768) = 0 [pid 299] close(3) = 0 [pid 299] rmdir("./11") = 0 [pid 299] mkdir("./12", 0777) = 0 [pid 299] openat(AT_FDCWD, "/dev/loop4", O_RDWR) = 3 [ 25.571900][ T511] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff888119420000 [ 25.579812][ T511] R13: ffff8881005a1e28 R14: 0000009410000000 R15: ffffc900014372e0 [ 25.581535][ T537] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 25.588006][ T511] FS: 0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 25.611506][ T511] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [pid 299] ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [pid 299] close(3) = 0 [pid 299] clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556fc5690) = 547 ./strace-static-x86_64: Process 547 attached [pid 541] <... mount resumed>) = 0 [pid 541] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 541] chdir("./file0") = 0 [pid 541] openat(AT_FDCWD, "/dev/loop1", O_RDWR) = 4 [pid 541] ioctl(4, LOOP_CLR_FD) = 0 [pid 541] close(4 [pid 547] set_robust_list(0x555556fc56a0, 24 [pid 541] <... close resumed>) = 0 [pid 547] <... set_robust_list resumed>) = 0 [pid 541] futex(0x7f5123b9570c, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] chdir("./12" [pid 541] <... futex resumed>) = 1 [pid 540] <... futex resumed>) = 0 [pid 547] <... chdir resumed>) = 0 [pid 541] futex(0x7f5123b95708, FUTEX_WAIT_PRIVATE, 0, NULL [pid 540] futex(0x7f5123b95708, FUTEX_WAKE_PRIVATE, 1000000 [pid 547] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 541] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 540] <... futex resumed>) = 0 [pid 547] <... prctl resumed>) = 0 [pid 541] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_SYNC|O_NOATIME|FASYNC, 000 [pid 540] futex(0x7f5123b9570c, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 547] setpgid(0, 0 [pid 541] <... open resumed>) = 4 [pid 547] <... setpgid resumed>) = 0 [ 25.617922][ T511] CR2: 00007f5123aca000 CR3: 0000000121030000 CR4: 00000000003506a0 [ 25.625772][ T511] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 25.633651][ T511] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 25.641523][ T511] Kernel panic - not syncing: Fatal exception [ 25.647985][ T511] Kernel Offset: disabled [ 25.652142][ T511] Rebooting in 86400 seconds..