./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor201862900 <...> Warning: Permanently added '10.128.1.10' (ECDSA) to the list of known hosts. execve("./syz-executor201862900", ["./syz-executor201862900"], 0x7ffe74942810 /* 10 vars */) = 0 brk(NULL) = 0x555555a3b000 brk(0x555555a3bc40) = 0x555555a3bc40 arch_prctl(ARCH_SET_FS, 0x555555a3b300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x555555a3b5d0) = 304 set_robust_list(0x555555a3b5e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7f3e45e56570, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7f3e45e56c40}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f3e45e56610, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3e45e56c40}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor201862900", 4096) = 27 brk(0x555555a5cc40) = 0x555555a5cc40 brk(0x555555a5d000) = 0x555555a5d000 mprotect(0x7f3e45f18000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 304 mkdir("./syzkaller.Jii9Kd", 0700) = 0 chmod("./syzkaller.Jii9Kd", 0777) = 0 chdir("./syzkaller.Jii9Kd") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 305 ./strace-static-x86_64: Process 305 attached [pid 305] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 305] chdir("./0") = 0 [pid 305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 305] setpgid(0, 0) = 0 [pid 305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 305] write(3, "1000", 4) = 4 [pid 305] close(3) = 0 [pid 305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 305] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 305] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[307], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 307 [pid 305] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 31.147299][ T22] audit: type=1400 audit(1677426325.830:73): avc: denied { execmem } for pid=304 comm="syz-executor201" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 31.171189][ T22] audit: type=1400 audit(1677426325.850:74): avc: denied { read write } for pid=304 comm="syz-executor201" name="loop0" dev="devtmpfs" ino=9306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 305] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 307 attached [pid 307] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 307] memfd_create("syzkaller", 0) = 3 [pid 307] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 307] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 307] munmap(0x7f3e3da25000, 1048576) = 0 [pid 307] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 307] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 307] close(3) = 0 [pid 307] mkdir("./file0", 0777) = 0 [ 31.195896][ T22] audit: type=1400 audit(1677426325.850:75): avc: denied { open } for pid=304 comm="syz-executor201" path="/dev/loop0" dev="devtmpfs" ino=9306 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 31.221187][ T22] audit: type=1400 audit(1677426325.850:76): avc: denied { ioctl } for pid=304 comm="syz-executor201" path="/dev/loop0" dev="devtmpfs" ino=9306 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [pid 307] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 307] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 307] chdir("./file0") = 0 [pid 307] ioctl(4, LOOP_CLR_FD) = 0 [pid 307] close(4) = 0 [pid 307] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 307] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 305] <... futex resumed>) = 0 [pid 305] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 305] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[311], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 311 [pid 305] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 305] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 305] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[312], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 312 [pid 305] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 305] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 307] <... futex resumed>) = 1 [pid 307] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 307] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 307] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 311 attached [pid 311] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 305] <... futex resumed>) = ? [pid 307] <... futex resumed>) = ? [ 31.247376][ T22] audit: type=1400 audit(1677426325.880:77): avc: denied { mounton } for pid=305 comm="syz-executor201" path="/root/syzkaller.Jii9Kd/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 31.256624][ T307] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue ./strace-static-x86_64: Process 312 attached [pid 307] +++ killed by SIGBUS +++ [pid 311] +++ killed by SIGBUS +++ [pid 312] +++ killed by SIGBUS +++ [pid 305] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=305, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 31.281259][ T22] audit: type=1400 audit(1677426325.960:78): avc: denied { mount } for pid=305 comm="syz-executor201" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 31.303201][ T22] audit: type=1400 audit(1677426325.970:79): avc: denied { write } for pid=305 comm="syz-executor201" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 31.325414][ T22] audit: type=1400 audit(1677426325.970:80): avc: denied { add_name } for pid=305 comm="syz-executor201" name="blkio.throttle.io_service_bytes" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 31.348932][ T22] audit: type=1400 audit(1677426325.970:81): avc: denied { create } for pid=305 comm="syz-executor201" name="blkio.throttle.io_service_bytes" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 31.372179][ T22] audit: type=1400 audit(1677426325.970:82): avc: denied { read append open } for pid=305 comm="syz-executor201" path="/root/syzkaller.Jii9Kd/0/file0/blkio.throttle.io_service_bytes" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 313 ./strace-static-x86_64: Process 313 attached [pid 313] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 313] chdir("./1") = 0 [pid 313] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 313] setpgid(0, 0) = 0 [pid 313] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 313] write(3, "1000", 4) = 4 [pid 313] close(3) = 0 [pid 313] symlink("/dev/binderfs", "./binderfs") = 0 [pid 313] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 313] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 314 attached , parent_tid=[314], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 314 [pid 314] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 314] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] <... futex resumed>) = 0 [pid 314] memfd_create("syzkaller", 0 [pid 313] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 314] <... memfd_create resumed>) = 3 [pid 314] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 314] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 314] munmap(0x7f3e3da25000, 1048576) = 0 [pid 314] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 314] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 314] close(3) = 0 [pid 314] mkdir("./file0", 0777) = 0 [pid 314] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 314] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 314] chdir("./file0") = 0 [pid 314] ioctl(4, LOOP_CLR_FD) = 0 [pid 314] close(4) = 0 [pid 314] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 314] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 314] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 314] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] <... futex resumed>) = 0 [pid 313] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 313] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 313] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[318], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 318 [pid 313] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 313] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 313] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[319], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 319 ./strace-static-x86_64: Process 318 attached ./strace-static-x86_64: Process 319 attached [pid 313] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 313] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] set_robust_list(0x7f3e3db039e0, 24 [pid 318] set_robust_list(0x7f3e3db249e0, 24 [pid 319] <... set_robust_list resumed>) = 0 [pid 318] <... set_robust_list resumed>) = 0 [pid 319] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 318] write(4, "#! ./file0 \n", 12 [pid 314] <... futex resumed>) = 0 [pid 319] <... socket resumed>) = 5 [pid 314] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 319] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... write resumed>) = 12 [pid 319] <... futex resumed>) = 1 [pid 318] write(4, "#! ./file0 \n", 12 [pid 313] <... futex resumed>) = 0 [pid 319] futex(0x7f3e45f1e7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 313] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 319] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 318] <... write resumed>) = 12 [pid 319] openat(AT_FDCWD, "/proc/thread-self", O_RDONLY|O_NOFOLLOW|O_NOATIME [pid 313] <... futex resumed>) = 0 [pid 318] write(4, "#! ./file0 \n", 12 [pid 313] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 319] <... openat resumed>) = -1 ELOOP (Too many levels of symbolic links) [pid 319] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 318] <... write resumed>) = 12 [pid 319] <... futex resumed>) = 1 [pid 318] write(4, "#! ./file0 \n", 12 [pid 313] <... futex resumed>) = 0 [pid 319] futex(0x7f3e45f1e7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... write resumed>) = 12 [pid 318] write(4, 0x200002c0, 12 [pid 314] <... mmap resumed>) = 0x20000000 [pid 314] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 314] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 318] <... write resumed>) = 12 [pid 318] write(4, 0x200002c0, 12) = 12 [ 31.475098][ T314] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 31.499283][ T318] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [ 31.515082][ T318] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 31.527269][ T318] EXT4-fs (loop0): This should not happen!! Data will be lost [ 31.527269][ T318] [ 31.537150][ T318] EXT4-fs (loop0): Total free blocks count 0 [ 31.543440][ T318] EXT4-fs (loop0): Free/Dirty block details [ 31.549368][ T318] EXT4-fs (loop0): free_blocks=2415919104 [ 31.555105][ T318] EXT4-fs (loop0): dirty_blocks=16 [ 31.560219][ T318] EXT4-fs (loop0): Block reservation details [ 31.566223][ T318] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 318] write(4, 0x200002c0, 12 [pid 313] exit_group(0 [pid 319] <... futex resumed>) = ? [pid 314] <... futex resumed>) = ? [pid 313] <... exit_group resumed>) = ? [pid 319] +++ exited with 0 +++ [pid 314] +++ exited with 0 +++ [pid 318] <... write resumed>) = ? [pid 318] +++ exited with 0 +++ [pid 313] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=313, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 31.573143][ T318] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 31.585399][ T318] EXT4-fs (loop0): This should not happen!! Data will be lost [ 31.585399][ T318] umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 320 ./strace-static-x86_64: Process 320 attached [pid 320] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 320] chdir("./2") = 0 [pid 320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 320] setpgid(0, 0) = 0 [pid 320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 320] write(3, "1000", 4) = 4 [pid 320] close(3) = 0 [pid 320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 320] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 320] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[321], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 321 [pid 320] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 321 attached [pid 321] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 321] memfd_create("syzkaller", 0) = 3 [pid 321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 321] munmap(0x7f3e3da25000, 1048576) = 0 [pid 321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 321] close(3) = 0 [pid 321] mkdir("./file0", 0777) = 0 [pid 321] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 321] chdir("./file0") = 0 [pid 321] ioctl(4, LOOP_CLR_FD) = 0 [pid 321] close(4) = 0 [pid 321] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 320] <... futex resumed>) = 0 [pid 320] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 321] <... futex resumed>) = 1 [pid 321] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 321] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 320] <... futex resumed>) = 0 [pid 321] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 320] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 321] <... mmap resumed>) = 0x20000000 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 320] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 320] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 325 attached , parent_tid=[325], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 325 [pid 325] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 325] futex(0x7f3e45f1e7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 320] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 325] <... futex resumed>) = 0 [pid 320] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 320] <... mmap resumed>) = 0x7f3e3dae3000 [pid 320] ????() = ? [pid 325] +++ killed by SIGBUS +++ [pid 321] +++ killed by SIGBUS +++ [pid 320] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=320, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 31.736172][ T321] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 326 ./strace-static-x86_64: Process 326 attached [pid 326] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 326] chdir("./3") = 0 [pid 326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 326] setpgid(0, 0) = 0 [pid 326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 326] write(3, "1000", 4) = 4 [pid 326] close(3) = 0 [pid 326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 326] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 326] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 326] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 327 attached , parent_tid=[327], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 327 [pid 327] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 327] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 326] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 327] <... futex resumed>) = 0 [pid 327] memfd_create("syzkaller", 0 [pid 326] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 327] <... memfd_create resumed>) = 3 [pid 327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 327] munmap(0x7f3e3da25000, 1048576) = 0 [pid 327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 327] close(3) = 0 [pid 327] mkdir("./file0", 0777) = 0 [pid 327] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 327] chdir("./file0") = 0 [pid 327] ioctl(4, LOOP_CLR_FD) = 0 [pid 327] close(4) = 0 [pid 327] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 326] <... futex resumed>) = 0 [pid 327] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 326] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] <... openat resumed>) = 4 [pid 327] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 326] <... futex resumed>) = 0 [pid 326] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 326] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 326] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[331], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 331 [pid 326] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 326] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 326] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 327] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 326] <... clone resumed>, parent_tid=[332], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 332 [pid 326] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 326] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 327] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 327] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 331 attached [pid 331] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 331] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 326] <... futex resumed>) = ? [pid 327] <... futex resumed>) = ? ./strace-static-x86_64: Process 332 attached [pid 327] +++ killed by SIGBUS +++ [pid 331] +++ killed by SIGBUS +++ [pid 332] +++ killed by SIGBUS +++ [pid 326] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=326, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 31.845362][ T327] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 333 ./strace-static-x86_64: Process 333 attached [pid 333] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 333] chdir("./4") = 0 [pid 333] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 333] setpgid(0, 0) = 0 [pid 333] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 333] write(3, "1000", 4) = 4 [pid 333] close(3) = 0 [pid 333] symlink("/dev/binderfs", "./binderfs") = 0 [pid 333] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 333] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[334], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 334 [pid 333] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 334 attached [pid 334] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 334] memfd_create("syzkaller", 0) = 3 [pid 334] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 334] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 334] munmap(0x7f3e3da25000, 1048576) = 0 [pid 334] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 334] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 334] close(3) = 0 [pid 334] mkdir("./file0", 0777) = 0 [pid 334] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 334] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 334] chdir("./file0") = 0 [pid 334] ioctl(4, LOOP_CLR_FD) = 0 [pid 334] close(4) = 0 [pid 334] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 334] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 333] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[338], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 338 [pid 333] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 333] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 333] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[339], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 339 [pid 333] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 333] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 1 [pid 334] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 334] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 334] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 339 attached [pid 339] set_robust_list(0x7f3e3db039e0, 24) = 0 [pid 339] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 339] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 333] <... futex resumed>) = 0 [pid 333] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 333] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 334] <... futex resumed>) = 0 [pid 334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 333] <... futex resumed>) = ? [pid 339] <... futex resumed>) = ? ./strace-static-x86_64: Process 338 attached [pid 334] +++ killed by SIGBUS +++ [pid 338] +++ killed by SIGBUS +++ [pid 339] +++ killed by SIGBUS +++ [pid 333] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=333, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 32.015407][ T334] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 340 ./strace-static-x86_64: Process 340 attached [pid 340] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 340] chdir("./5") = 0 [pid 340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 340] setpgid(0, 0) = 0 [pid 340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 340] write(3, "1000", 4) = 4 [pid 340] close(3) = 0 [pid 340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 340] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 340] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[341], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 341 [pid 340] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 341 attached [pid 341] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 341] memfd_create("syzkaller", 0) = 3 [pid 341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 341] munmap(0x7f3e3da25000, 1048576) = 0 [pid 341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 341] close(3) = 0 [pid 341] mkdir("./file0", 0777) = 0 [pid 341] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 341] chdir("./file0") = 0 [pid 341] ioctl(4, LOOP_CLR_FD) = 0 [pid 341] close(4) = 0 [pid 341] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 341] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 340] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[345], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 345 [pid 340] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 340] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 340] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[346], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 346 [pid 340] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 340] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 345 attached [pid 345] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 345] write(4, "#! ./file0 \n", 12) = 12 [pid 345] write(4, "#! ./file0 \n", 12) = 12 [pid 345] write(4, "#! ./file0 \n", 12) = 12 [pid 345] write(4, "#! ./file0 \n", 12 [pid 341] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 345] <... write resumed>) = 12 [pid 345] write(4, 0x200002c0, 12) = 12 [pid 345] write(4, 0x200002c0, 12) = 12 [pid 345] write(4, 0x200002c0, 12./strace-static-x86_64: Process 346 attached [pid 341] <... mmap resumed>) = 0x20000000 [pid 341] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 341] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 346] set_robust_list(0x7f3e3db039e0, 24) = 0 [pid 346] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 346] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 346] futex(0x7f3e45f1e7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] <... futex resumed>) = 0 [pid 340] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 340] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 341] <... futex resumed>) = 0 [ 32.105333][ T341] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 32.129503][ T345] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 340] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 340] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 345] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 341] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_NOFOLLOW|O_NOATIME [pid 345] write(4, 0x200002c0, 12 [pid 341] <... openat resumed>) = -1 ELOOP (Too many levels of symbolic links) [pid 341] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.144626][ T345] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 32.156912][ T345] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.156912][ T345] [ 32.166790][ T345] EXT4-fs (loop0): Total free blocks count 0 [ 32.172768][ T345] EXT4-fs (loop0): Free/Dirty block details [ 32.178767][ T345] EXT4-fs (loop0): free_blocks=2415919104 [ 32.184508][ T345] EXT4-fs (loop0): dirty_blocks=16 [ 32.189891][ T345] EXT4-fs (loop0): Block reservation details [ 32.195988][ T345] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 341] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 345] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 345] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.202639][ T345] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 32.215470][ T345] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.215470][ T345] [pid 345] futex(0x7f3e45f1e7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 340] exit_group(0 [pid 346] <... futex resumed>) = ? [pid 341] <... futex resumed>) = ? [pid 340] <... exit_group resumed>) = ? [pid 346] +++ exited with 0 +++ [pid 341] +++ exited with 0 +++ [pid 345] <... futex resumed>) = ? [pid 345] +++ exited with 0 +++ [pid 340] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=340, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 347 ./strace-static-x86_64: Process 347 attached [pid 347] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 347] chdir("./6") = 0 [pid 347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 347] setpgid(0, 0) = 0 [pid 347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 347] write(3, "1000", 4) = 4 [pid 347] close(3) = 0 [pid 347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 347] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 347] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 347] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 348 attached [pid 348] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 348] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] <... clone resumed>, parent_tid=[348], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 348 [pid 347] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 348] <... futex resumed>) = 0 [pid 347] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 348] memfd_create("syzkaller", 0) = 3 [pid 348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 348] munmap(0x7f3e3da25000, 1048576) = 0 [pid 348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 348] close(3) = 0 [pid 348] mkdir("./file0", 0777) = 0 [pid 348] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 348] chdir("./file0") = 0 [pid 348] ioctl(4, LOOP_CLR_FD) = 0 [pid 348] close(4) = 0 [pid 348] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 348] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 347] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 347] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[352], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 352 [pid 347] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 347] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 347] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[353], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 353 [pid 347] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 347] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 352 attached [pid 352] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 352] write(4, "#! ./file0 \n", 12./strace-static-x86_64: Process 353 attached [pid 348] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 352] <... write resumed>) = 12 [pid 352] write(4, "#! ./file0 \n", 12) = 12 [pid 352] write(4, 0x200002c0, 12 [pid 348] <... mmap resumed>) = 0x20000000 [pid 352] <... write resumed>) = 12 [pid 352] write(4, 0x200002c0, 12) = 12 [pid 352] write(4, 0x200002c0, 12) = 12 [pid 352] write(4, 0x200002c0, 12 [pid 348] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 353] set_robust_list(0x7f3e3db039e0, 24 [pid 352] <... write resumed>) = 12 [pid 352] write(4, 0x200002c0, 12 [pid 353] <... set_robust_list resumed>) = 0 [pid 348] <... futex resumed>) = 0 [pid 348] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 353] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 353] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 353] futex(0x7f3e45f1e7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] <... futex resumed>) = 0 [pid 347] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 347] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 348] <... futex resumed>) = 0 [ 32.415527][ T348] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 32.441649][ T352] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 347] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 352] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 348] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_NOFOLLOW|O_NOATIME [pid 352] write(4, 0x200002c0, 12 [pid 348] <... openat resumed>) = -1 ELOOP (Too many levels of symbolic links) [pid 348] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.456949][ T352] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 32.469337][ T352] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.469337][ T352] [ 32.479108][ T352] EXT4-fs (loop0): Total free blocks count 0 [ 32.485241][ T352] EXT4-fs (loop0): Free/Dirty block details [ 32.491158][ T352] EXT4-fs (loop0): free_blocks=2415919104 [ 32.496917][ T352] EXT4-fs (loop0): dirty_blocks=16 [ 32.502126][ T352] EXT4-fs (loop0): Block reservation details [ 32.508168][ T352] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 348] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 352] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [ 32.514925][ T352] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 32.527269][ T352] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.527269][ T352] [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 352] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 352] futex(0x7f3e45f1e7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 347] exit_group(0 [pid 353] <... futex resumed>) = ? [pid 348] <... futex resumed>) = ? [pid 347] <... exit_group resumed>) = ? [pid 353] +++ exited with 0 +++ [pid 352] <... futex resumed>) = ? [pid 348] +++ exited with 0 +++ [pid 352] +++ exited with 0 +++ [pid 347] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=347, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 354 attached , child_tidptr=0x555555a3b5d0) = 354 [pid 354] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 354] chdir("./7") = 0 [pid 354] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 354] setpgid(0, 0) = 0 [pid 354] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 354] write(3, "1000", 4) = 4 [pid 354] close(3) = 0 [pid 354] symlink("/dev/binderfs", "./binderfs") = 0 [pid 354] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 354] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 354] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 355 attached , parent_tid=[355], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 355 [pid 355] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 355] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] <... futex resumed>) = 0 [pid 355] memfd_create("syzkaller", 0) = 3 [pid 355] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 354] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 355] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 355] munmap(0x7f3e3da25000, 1048576) = 0 [pid 355] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 355] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 355] close(3) = 0 [pid 355] mkdir("./file0", 0777) = 0 [pid 355] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 355] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 355] chdir("./file0") = 0 [pid 355] ioctl(4, LOOP_CLR_FD) = 0 [pid 355] close(4) = 0 [pid 355] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 355] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] <... futex resumed>) = 0 [pid 354] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 355] <... futex resumed>) = 0 [pid 354] <... futex resumed>) = 1 [pid 355] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 354] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 355] <... openat resumed>) = 4 [pid 355] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 354] <... futex resumed>) = 0 [pid 355] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 354] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 354] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 355] <... mmap resumed>) = 0x20000000 [pid 355] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 354] <... mmap resumed>) = 0x7f3e3db04000 [pid 354] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE [pid 355] <... futex resumed>) = 0 [pid 354] <... mprotect resumed>) = 0 [pid 354] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 359 attached [pid 359] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 359] futex(0x7f3e45f1e7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 355] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 354] <... clone resumed>, parent_tid=[359], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 359 [pid 354] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 359] <... futex resumed>) = 0 [pid 354] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 359] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 354] <... futex resumed>) = 1 [pid 354] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 355] <... futex resumed>) = ? [pid 359] +++ killed by SIGBUS +++ [pid 355] +++ killed by SIGBUS +++ [pid 354] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=354, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 32.686046][ T355] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 360 attached , child_tidptr=0x555555a3b5d0) = 360 [pid 360] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 360] chdir("./8") = 0 [pid 360] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 360] setpgid(0, 0) = 0 [pid 360] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 360] write(3, "1000", 4) = 4 [pid 360] close(3) = 0 [pid 360] symlink("/dev/binderfs", "./binderfs") = 0 [pid 360] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 360] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 360] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[361], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 361 [pid 360] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 361 attached [pid 361] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 361] memfd_create("syzkaller", 0) = 3 [pid 361] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 361] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 361] munmap(0x7f3e3da25000, 1048576) = 0 [pid 361] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 361] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 361] close(3) = 0 [pid 361] mkdir("./file0", 0777) = 0 [pid 361] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 361] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 361] chdir("./file0") = 0 [pid 361] ioctl(4, LOOP_CLR_FD) = 0 [pid 361] close(4) = 0 [pid 361] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 360] <... futex resumed>) = 0 [pid 361] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 360] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 361] <... openat resumed>) = 4 [pid 361] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 360] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 361] <... futex resumed>) = 0 [pid 360] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 361] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 360] <... futex resumed>) = 0 [pid 360] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 360] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 360] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 365 attached , parent_tid=[365], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 365 [pid 365] set_robust_list(0x7f3e3db249e0, 24 [pid 360] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... set_robust_list resumed>) = 0 [pid 360] <... futex resumed>) = 0 [pid 365] write(4, "#! ./file0 \n", 12 [pid 360] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 360] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 360] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[366], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 366 [pid 360] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 360] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 365] <... write resumed>) = 12 [pid 365] write(4, "#! ./file0 \n", 12./strace-static-x86_64: Process 366 attached [pid 361] <... mmap resumed>) = 0x20000000 [pid 365] <... write resumed>) = 12 [pid 365] write(4, 0x200002c0, 12 [pid 366] set_robust_list(0x7f3e3db039e0, 24 [pid 361] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 365] <... write resumed>) = 12 [pid 365] write(4, 0x200002c0, 12 [pid 366] <... set_robust_list resumed>) = 0 [pid 361] <... futex resumed>) = 0 [pid 365] <... write resumed>) = 12 [pid 365] write(4, 0x200002c0, 12 [pid 366] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 361] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 366] <... socket resumed>) = 5 [pid 365] <... write resumed>) = 12 [pid 365] write(4, 0x200002c0, 12) = 12 [pid 365] write(4, 0x200002c0, 12 [pid 366] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 360] <... futex resumed>) = 0 [pid 360] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 360] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 366] futex(0x7f3e45f1e7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 361] <... futex resumed>) = 0 [ 32.825247][ T361] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 32.851801][ T365] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 360] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 365] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 361] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_NOFOLLOW|O_NOATIME [pid 365] write(4, 0x200002c0, 12 [pid 361] <... openat resumed>) = -1 ELOOP (Too many levels of symbolic links) [pid 361] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 32.867105][ T365] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 32.879848][ T365] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.879848][ T365] [ 32.889495][ T365] EXT4-fs (loop0): Total free blocks count 0 [ 32.895660][ T365] EXT4-fs (loop0): Free/Dirty block details [ 32.901627][ T365] EXT4-fs (loop0): free_blocks=2415919104 [ 32.907923][ T365] EXT4-fs (loop0): dirty_blocks=16 [ 32.913054][ T365] EXT4-fs (loop0): Block reservation details [ 32.919077][ T365] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 361] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 365] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [ 32.925568][ T365] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 32.938178][ T365] EXT4-fs (loop0): This should not happen!! Data will be lost [ 32.938178][ T365] [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 365] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 365] futex(0x7f3e45f1e7b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 360] exit_group(0 [pid 366] <... futex resumed>) = ? [pid 361] <... futex resumed>) = ? [pid 360] <... exit_group resumed>) = ? [pid 366] +++ exited with 0 +++ [pid 361] +++ exited with 0 +++ [pid 365] <... futex resumed>) = ? [pid 365] +++ exited with 0 +++ [pid 360] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=360, si_uid=0, si_status=0, si_utime=0, si_stime=10} --- umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./8/binderfs") = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 367 ./strace-static-x86_64: Process 367 attached [pid 367] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 367] chdir("./9") = 0 [pid 367] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 367] setpgid(0, 0) = 0 [pid 367] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 367] write(3, "1000", 4) = 4 [pid 367] close(3) = 0 [pid 367] symlink("/dev/binderfs", "./binderfs") = 0 [pid 367] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 367] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 368 attached , parent_tid=[368], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 368 [pid 368] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 368] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] memfd_create("syzkaller", 0) = 3 [pid 368] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 367] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 368] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 368] munmap(0x7f3e3da25000, 1048576) = 0 [pid 368] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 368] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 368] close(3) = 0 [pid 368] mkdir("./file0", 0777) = 0 [pid 368] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 368] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 368] chdir("./file0") = 0 [pid 368] ioctl(4, LOOP_CLR_FD) = 0 [pid 368] close(4) = 0 [pid 368] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 368] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 367] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 368] <... openat resumed>) = 4 [pid 368] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] <... futex resumed>) = 0 [pid 367] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 368] <... futex resumed>) = 0 [pid 367] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 368] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 367] <... futex resumed>) = 0 [pid 368] <... mmap resumed>) = 0x20000000 [pid 368] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 368] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 367] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 367] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 367] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 372 attached [pid 372] set_robust_list(0x7f3e3db249e0, 24 [pid 367] <... clone resumed>, parent_tid=[372], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 372 [pid 372] <... set_robust_list resumed>) = 0 [pid 367] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 372] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 368] <... futex resumed>) = ? [pid 368] +++ killed by SIGBUS +++ [pid 372] +++ killed by SIGBUS +++ [pid 367] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=367, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./9/binderfs") = 0 [ 33.136118][ T368] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 373 ./strace-static-x86_64: Process 373 attached [pid 373] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 373] chdir("./10") = 0 [pid 373] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 373] setpgid(0, 0) = 0 [pid 373] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 373] write(3, "1000", 4) = 4 [pid 373] close(3) = 0 [pid 373] symlink("/dev/binderfs", "./binderfs") = 0 [pid 373] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 373] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[374], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 374 ./strace-static-x86_64: Process 374 attached [pid 374] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 374] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] <... futex resumed>) = 0 [pid 374] memfd_create("syzkaller", 0) = 3 [pid 374] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 373] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 374] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 374] munmap(0x7f3e3da25000, 1048576) = 0 [pid 374] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 374] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 374] close(3) = 0 [pid 374] mkdir("./file0", 0777) = 0 [pid 374] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 374] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 374] chdir("./file0") = 0 [pid 374] ioctl(4, LOOP_CLR_FD) = 0 [pid 374] close(4) = 0 [pid 374] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 374] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 373] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 374] <... futex resumed>) = 0 [pid 374] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 374] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 373] <... futex resumed>) = 0 [pid 373] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 373] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[378], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 378 [pid 373] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 373] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 373] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 373] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[379], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 379 ./strace-static-x86_64: Process 379 attached ./strace-static-x86_64: Process 378 attached [pid 373] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] set_robust_list(0x7f3e3db039e0, 24 [pid 378] set_robust_list(0x7f3e3db249e0, 24 [pid 373] <... futex resumed>) = 0 [pid 379] <... set_robust_list resumed>) = 0 [pid 378] <... set_robust_list resumed>) = 0 [pid 373] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 379] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 378] write(4, "#! ./file0 \n", 12 [pid 379] <... socket resumed>) = 5 [pid 379] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... write resumed>) = 12 [pid 379] <... futex resumed>) = 1 [pid 373] <... futex resumed>) = 0 [pid 378] write(4, "#! ./file0 \n", 12 [pid 379] futex(0x7f3e45f1e7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 373] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 378] <... write resumed>) = 12 [pid 373] <... futex resumed>) = 0 [pid 379] openat(AT_FDCWD, "/proc/thread-self", O_RDONLY|O_NOFOLLOW|O_NOATIME [pid 378] write(4, "#! ./file0 \n", 12 [pid 373] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 379] <... openat resumed>) = -1 ELOOP (Too many levels of symbolic links) [pid 379] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 378] <... write resumed>) = 12 [pid 379] <... futex resumed>) = 1 [pid 378] write(4, "#! ./file0 \n", 12 [pid 373] <... futex resumed>) = 0 [pid 379] futex(0x7f3e45f1e7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 378] <... write resumed>) = 12 [pid 378] write(4, "#! ./file0 \n", 12 [pid 374] <... futex resumed>) = 1 [pid 374] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 374] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 374] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 378] <... write resumed>) = 12 [pid 378] write(4, 0x200002c0, 12) = 12 [ 33.265165][ T374] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 33.288965][ T378] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [ 33.306443][ T378] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 33.318851][ T378] EXT4-fs (loop0): This should not happen!! Data will be lost [ 33.318851][ T378] [ 33.328821][ T378] EXT4-fs (loop0): Total free blocks count 0 [ 33.334841][ T378] EXT4-fs (loop0): Free/Dirty block details [ 33.341061][ T378] EXT4-fs (loop0): free_blocks=2415919104 [ 33.346826][ T378] EXT4-fs (loop0): dirty_blocks=16 [ 33.352057][ T378] EXT4-fs (loop0): Block reservation details [ 33.358149][ T378] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 378] write(4, 0x200002c0, 12 [pid 373] exit_group(0 [pid 379] <... futex resumed>) = ? [pid 378] <... write resumed>) = ? [pid 374] <... futex resumed>) = ? [pid 373] <... exit_group resumed>) = ? [pid 374] +++ exited with 0 +++ [pid 379] +++ exited with 0 +++ [pid 378] +++ exited with 0 +++ [pid 373] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=373, si_uid=0, si_status=0, si_utime=0, si_stime=13} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 [ 33.365123][ T378] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 33.377464][ T378] EXT4-fs (loop0): This should not happen!! Data will be lost [ 33.377464][ T378] getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./10/binderfs") = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 380 ./strace-static-x86_64: Process 380 attached [pid 380] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 380] chdir("./11") = 0 [pid 380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 380] setpgid(0, 0) = 0 [pid 380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 380] write(3, "1000", 4) = 4 [pid 380] close(3) = 0 [pid 380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 380] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 380] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[381], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 381 [pid 380] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 381 attached [pid 381] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 381] memfd_create("syzkaller", 0) = 3 [pid 381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 381] munmap(0x7f3e3da25000, 1048576) = 0 [pid 381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 381] close(3) = 0 [pid 381] mkdir("./file0", 0777) = 0 [pid 381] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 381] chdir("./file0") = 0 [pid 381] ioctl(4, LOOP_CLR_FD) = 0 [pid 381] close(4) = 0 [pid 381] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... futex resumed>) = 1 [pid 381] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 381] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 380] <... futex resumed>) = 0 [pid 380] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 380] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[385], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 385 [pid 380] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 380] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 380] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[386], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 386 [pid 380] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 380] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 381] <... futex resumed>) = 1 [pid 381] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0./strace-static-x86_64: Process 386 attached ./strace-static-x86_64: Process 385 attached [pid 386] set_robust_list(0x7f3e3db039e0, 24 [pid 385] set_robust_list(0x7f3e3db249e0, 24 [pid 386] <... set_robust_list resumed>) = 0 [pid 386] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 385] <... set_robust_list resumed>) = 0 [pid 381] <... mmap resumed>) = 0x20000000 [pid 386] <... socket resumed>) = 5 [pid 386] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 381] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 386] <... futex resumed>) = ? [pid 381] <... futex resumed>) = ? [pid 380] <... futex resumed>) = ? [pid 386] +++ killed by SIGBUS +++ [pid 381] +++ killed by SIGBUS +++ [pid 385] +++ killed by SIGBUS +++ [pid 380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./11/binderfs") = 0 [ 33.514996][ T381] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 387 ./strace-static-x86_64: Process 387 attached [pid 387] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 387] chdir("./12") = 0 [pid 387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 387] setpgid(0, 0) = 0 [pid 387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 387] write(3, "1000", 4) = 4 [pid 387] close(3) = 0 [pid 387] symlink("/dev/binderfs", "./binderfs") = 0 [pid 387] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 387] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 388 attached , parent_tid=[388], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 388 [pid 387] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 388] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 388] memfd_create("syzkaller", 0) = 3 [pid 388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 388] munmap(0x7f3e3da25000, 1048576) = 0 [pid 388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 388] close(3) = 0 [pid 388] mkdir("./file0", 0777) = 0 [pid 388] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 388] chdir("./file0") = 0 [pid 388] ioctl(4, LOOP_CLR_FD) = 0 [pid 388] close(4) = 0 [pid 388] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 1 [pid 388] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 388] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 388] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 387] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[392], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 392 [pid 387] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 387] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 387] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[393], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 393 [pid 387] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 387] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 0 [pid 388] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 388] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 388] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 393 attached [pid 393] set_robust_list(0x7f3e3db039e0, 24) = 0 [pid 393] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 393] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 387] <... futex resumed>) = 0 [pid 387] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 387] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 388] <... futex resumed>) = 0 [pid 388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 387] <... futex resumed>) = ? [pid 393] <... futex resumed>) = ? ./strace-static-x86_64: Process 392 attached [pid 388] +++ killed by SIGBUS +++ [pid 393] +++ killed by SIGBUS +++ [pid 392] +++ killed by SIGBUS +++ [pid 387] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=387, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./12/binderfs") = 0 [ 33.715483][ T388] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 394 attached [pid 394] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 394] chdir("./13") = 0 [pid 394] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 394] setpgid(0, 0) = 0 [pid 394] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 394] write(3, "1000", 4) = 4 [pid 394] close(3) = 0 [pid 394] symlink("/dev/binderfs", "./binderfs" [pid 304] <... clone resumed>, child_tidptr=0x555555a3b5d0) = 394 [pid 394] <... symlink resumed>) = 0 [pid 394] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 394] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[395], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 395 [pid 394] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 395 attached [pid 395] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 395] memfd_create("syzkaller", 0) = 3 [pid 395] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 395] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 395] munmap(0x7f3e3da25000, 1048576) = 0 [pid 395] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 395] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 395] close(3) = 0 [pid 395] mkdir("./file0", 0777) = 0 [pid 395] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 395] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 395] chdir("./file0") = 0 [pid 395] ioctl(4, LOOP_CLR_FD) = 0 [pid 395] close(4) = 0 [pid 395] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 395] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 394] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[399], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 399 [pid 394] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 394] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 394] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[400], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 400 [pid 394] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 394] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 1 [pid 395] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 395] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 395] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 400 attached [pid 400] set_robust_list(0x7f3e3db039e0, 24) = 0 [pid 400] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 400] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 394] <... futex resumed>) = 0 [pid 394] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 394] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 395] <... futex resumed>) = 0 [pid 395] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 394] <... futex resumed>) = ? [pid 400] <... futex resumed>) = ? ./strace-static-x86_64: Process 399 attached [pid 395] +++ killed by SIGBUS +++ [pid 399] +++ killed by SIGBUS +++ [pid 400] +++ killed by SIGBUS +++ [pid 394] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=394, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./13/binderfs") = 0 [ 33.895253][ T395] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 401 ./strace-static-x86_64: Process 401 attached [pid 401] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 401] chdir("./14") = 0 [pid 401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 401] setpgid(0, 0) = 0 [pid 401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 401] write(3, "1000", 4) = 4 [pid 401] close(3) = 0 [pid 401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 401] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 401] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[402], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 402 ./strace-static-x86_64: Process 402 attached [pid 401] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 402] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 402] memfd_create("syzkaller", 0) = 3 [pid 402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 402] munmap(0x7f3e3da25000, 1048576) = 0 [pid 402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 402] close(3) = 0 [pid 402] mkdir("./file0", 0777) = 0 [pid 402] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 402] chdir("./file0") = 0 [pid 402] ioctl(4, LOOP_CLR_FD) = 0 [pid 402] close(4) = 0 [pid 402] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 402] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 402] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 401] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... mmap resumed>) = 0x20000000 [pid 402] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 401] <... futex resumed>) = 0 [pid 402] <... futex resumed>) = 0 [pid 401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 402] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 401] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 401] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[406], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 406 [pid 401] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 401] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 402] <... futex resumed>) = 0 [pid 401] <... futex resumed>) = 1 [pid 402] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 401] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 402] <... socket resumed>) = 5 [pid 402] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 401] <... futex resumed>) = 0 [pid 401] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 402] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 401] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? ./strace-static-x86_64: Process 406 attached [pid 406] +++ killed by SIGBUS +++ [pid 402] +++ killed by SIGBUS +++ [pid 401] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=401, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./14/binderfs") = 0 [ 34.015015][ T402] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 407 ./strace-static-x86_64: Process 407 attached [pid 407] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 407] chdir("./15") = 0 [pid 407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 407] setpgid(0, 0) = 0 [pid 407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 407] write(3, "1000", 4) = 4 [pid 407] close(3) = 0 [pid 407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 407] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 407] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[408], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 408 [pid 407] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 408] memfd_create("syzkaller", 0) = 3 [pid 408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 408] munmap(0x7f3e3da25000, 1048576) = 0 [pid 408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 408] close(3) = 0 [pid 408] mkdir("./file0", 0777) = 0 [pid 408] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 408] chdir("./file0") = 0 [pid 408] ioctl(4, LOOP_CLR_FD) = 0 [pid 408] close(4) = 0 [pid 408] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 408] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 407] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[412], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 412 [pid 407] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 407] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 407] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[413], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 413 [pid 407] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 407] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 1 [pid 408] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 408] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x7f3e3db039e0, 24) = 0 [pid 413] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 413] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 407] <... futex resumed>) = 0 [pid 407] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 407] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 408] <... futex resumed>) = 0 [pid 408] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 407] <... futex resumed>) = ? [pid 413] <... futex resumed>) = ? ./strace-static-x86_64: Process 412 attached [pid 408] +++ killed by SIGBUS +++ [pid 413] +++ killed by SIGBUS +++ [pid 412] +++ killed by SIGBUS +++ [pid 407] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./15/binderfs") = 0 [ 34.125109][ T408] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./15/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 414 attached , child_tidptr=0x555555a3b5d0) = 414 [pid 414] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 414] chdir("./16") = 0 [pid 414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 414] setpgid(0, 0) = 0 [pid 414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 414] write(3, "1000", 4) = 4 [pid 414] close(3) = 0 [pid 414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 414] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 414] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[415], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 415 [pid 414] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 415] memfd_create("syzkaller", 0) = 3 [pid 415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 415] munmap(0x7f3e3da25000, 1048576) = 0 [pid 415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 415] close(3) = 0 [pid 415] mkdir("./file0", 0777) = 0 [pid 415] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 415] chdir("./file0") = 0 [pid 415] ioctl(4, LOOP_CLR_FD) = 0 [pid 415] close(4) = 0 [pid 415] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 415] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 414] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 415] <... openat resumed>) = 4 [pid 415] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 414] <... futex resumed>) = 0 [pid 415] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 414] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 415] <... mmap resumed>) = 0x20000000 [pid 414] <... mmap resumed>) = 0x7f3e3db04000 [pid 414] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 414] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 419 attached , parent_tid=[419], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 419 [pid 419] set_robust_list(0x7f3e3db249e0, 24 [pid 414] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 419] <... set_robust_list resumed>) = 0 [pid 414] <... futex resumed>) = 0 [pid 414] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 419] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 414] <... mmap resumed>) = 0x7f3e3dae3000 [pid 414] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = ? [pid 419] +++ killed by SIGBUS +++ [pid 415] +++ killed by SIGBUS +++ [pid 414] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=414, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./16/binderfs") = 0 [ 34.254833][ T415] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 420] chdir("./17") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 420] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 421] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] <... clone resumed>, parent_tid=[421], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 421 [pid 420] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] <... futex resumed>) = 0 [pid 420] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 421] memfd_create("syzkaller", 0) = 3 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 421] munmap(0x7f3e3da25000, 1048576) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 421] close(3) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 421] chdir("./file0") = 0 [pid 421] ioctl(4, LOOP_CLR_FD) = 0 [pid 421] close(4) = 0 [pid 421] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [pid 421] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 421] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 420] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[425], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 425 [pid 420] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 420] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[426], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 426 [pid 420] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 1 [pid 421] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 421] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 426 attached ./strace-static-x86_64: Process 425 attached [pid 426] set_robust_list(0x7f3e3db039e0, 24) = 0 [pid 426] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 425] set_robust_list(0x7f3e3db249e0, 24 [pid 426] <... socket resumed>) = 5 [pid 425] <... set_robust_list resumed>) = 0 [pid 425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 420] <... futex resumed>) = ? [pid 421] <... futex resumed>) = ? [pid 426] +++ killed by SIGBUS +++ [pid 421] +++ killed by SIGBUS +++ [pid 425] +++ killed by SIGBUS +++ [pid 420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=420, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./17/binderfs") = 0 [ 34.415162][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 427 ./strace-static-x86_64: Process 427 attached [pid 427] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 427] chdir("./18") = 0 [pid 427] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 427] setpgid(0, 0) = 0 [pid 427] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 427] write(3, "1000", 4) = 4 [pid 427] close(3) = 0 [pid 427] symlink("/dev/binderfs", "./binderfs") = 0 [pid 427] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 427] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 427] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[428], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 428 [pid 427] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 428 attached [pid 428] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 428] memfd_create("syzkaller", 0) = 3 [pid 428] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 428] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 428] munmap(0x7f3e3da25000, 1048576) = 0 [pid 428] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 428] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 428] close(3) = 0 [pid 428] mkdir("./file0", 0777) = 0 [pid 428] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 428] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 428] chdir("./file0") = 0 [pid 428] ioctl(4, LOOP_CLR_FD) = 0 [pid 428] close(4) = 0 [pid 428] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 428] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 427] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] <... openat resumed>) = 4 [pid 428] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 427] <... futex resumed>) = 0 [pid 427] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 427] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 428] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 427] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[432], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 432 [pid 428] <... mmap resumed>) = 0x20000000 [pid 427] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 427] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 427] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 427] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[433], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 433 [pid 427] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 433 attached [pid 427] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 428] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 432 attached [pid 432] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 427] <... futex resumed>) = ? [pid 428] <... futex resumed>) = ? [pid 428] +++ killed by SIGBUS +++ [pid 433] +++ killed by SIGBUS +++ [pid 432] +++ killed by SIGBUS +++ [pid 427] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=427, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./18/binderfs") = 0 [ 34.535264][ T428] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x555555a3b5e0, 24 [pid 304] <... clone resumed>, child_tidptr=0x555555a3b5d0) = 434 [pid 434] <... set_robust_list resumed>) = 0 [pid 434] chdir("./19") = 0 [pid 434] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 434] setpgid(0, 0) = 0 [pid 434] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 434] write(3, "1000", 4) = 4 [pid 434] close(3) = 0 [pid 434] symlink("/dev/binderfs", "./binderfs") = 0 [pid 434] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 434] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 435] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] <... clone resumed>, parent_tid=[435], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 435 [pid 434] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] <... futex resumed>) = 0 [pid 435] memfd_create("syzkaller", 0) = 3 [pid 435] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 434] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 435] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 435] munmap(0x7f3e3da25000, 1048576) = 0 [pid 435] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 435] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 435] close(3) = 0 [pid 435] mkdir("./file0", 0777) = 0 [pid 435] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 435] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 435] chdir("./file0") = 0 [pid 435] ioctl(4, LOOP_CLR_FD) = 0 [pid 435] close(4) = 0 [pid 435] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 434] <... futex resumed>) = 1 [pid 434] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] <... openat resumed>) = 4 [pid 435] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 435] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] <... futex resumed>) = 0 [pid 434] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 434] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 434] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 435] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 435] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 434] <... clone resumed>, parent_tid=[439], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 439 [pid 435] <... mmap resumed>) = 0x20000000 [pid 434] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 434] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE [pid 435] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] <... mprotect resumed>) = 0 [pid 434] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[440], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 440 [pid 434] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 434] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 435] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 440 attached [pid 440] set_robust_list(0x7f3e3db039e0, 24./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 439] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 435] <... futex resumed>) = ? [pid 440] <... set_robust_list resumed>) = ? [pid 434] <... futex resumed>) = ? [pid 440] +++ killed by SIGBUS +++ [pid 435] +++ killed by SIGBUS +++ [pid 439] +++ killed by SIGBUS +++ [pid 434] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=434, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./19/binderfs") = 0 [ 34.715021][ T435] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 304] <... clone resumed>, child_tidptr=0x555555a3b5d0) = 441 [pid 441] chdir("./20") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 441] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 442 attached , parent_tid=[442], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 442 [pid 442] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 441] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] memfd_create("syzkaller", 0 [pid 441] <... futex resumed>) = 0 [pid 442] <... memfd_create resumed>) = 3 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 441] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 442] munmap(0x7f3e3da25000, 1048576) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 442] close(3) = 0 [pid 442] mkdir("./file0", 0777) = 0 [pid 442] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 442] chdir("./file0") = 0 [pid 442] ioctl(4, LOOP_CLR_FD) = 0 [pid 442] close(4) = 0 [pid 442] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... openat resumed>) = 4 [pid 442] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 442] <... futex resumed>) = 1 [pid 441] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 442] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 442] <... mmap resumed>) = 0x20000000 [pid 441] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE [pid 442] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... mprotect resumed>) = 0 [pid 442] <... futex resumed>) = 0 [pid 441] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 442] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] <... clone resumed>, parent_tid=[446], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 446 [pid 441] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 442] <... futex resumed>) = 0 [pid 441] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 442] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 442] <... futex resumed>) = 1 [pid 441] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 441] <... futex resumed>) = ? ./strace-static-x86_64: Process 446 attached [pid 446] +++ killed by SIGBUS +++ [pid 442] +++ killed by SIGBUS +++ [pid 441] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./20/binderfs") = 0 [ 34.895181][ T442] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 447 ./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 447] chdir("./21") = 0 [pid 447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 447] setpgid(0, 0) = 0 [pid 447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 447] write(3, "1000", 4) = 4 [pid 447] close(3) = 0 [pid 447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 447] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 447] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[448], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 448 [pid 447] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 448 attached [pid 448] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 448] memfd_create("syzkaller", 0) = 3 [pid 448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 448] munmap(0x7f3e3da25000, 1048576) = 0 [pid 448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 448] close(3) = 0 [pid 448] mkdir("./file0", 0777) = 0 [pid 448] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 448] chdir("./file0") = 0 [pid 448] ioctl(4, LOOP_CLR_FD) = 0 [pid 448] close(4) = 0 [pid 448] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 1 [pid 448] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 448] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 447] <... futex resumed>) = 0 [pid 448] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 447] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000 [pid 448] <... mmap resumed>) = 0x20000000 [pid 448] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 447] <... futex resumed>) = 0 [pid 447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 447] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 447] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[452], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 452 ./strace-static-x86_64: Process 452 attached [pid 447] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] set_robust_list(0x7f3e3db249e0, 24 [pid 447] <... futex resumed>) = 0 [pid 452] <... set_robust_list resumed>) = 0 [pid 447] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 448] <... futex resumed>) = 0 [pid 452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 447] <... futex resumed>) = ? [pid 452] +++ killed by SIGBUS +++ [pid 448] +++ killed by SIGBUS +++ [pid 447] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=447, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./21/binderfs") = 0 [ 35.055449][ T448] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 453 ./strace-static-x86_64: Process 453 attached [pid 453] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 453] chdir("./22") = 0 [pid 453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 453] setpgid(0, 0) = 0 [pid 453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 453] write(3, "1000", 4) = 4 [pid 453] close(3) = 0 [pid 453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 453] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 453] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 453] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 454 attached , parent_tid=[454], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 454 [pid 453] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 454] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 454] memfd_create("syzkaller", 0) = 3 [pid 454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 454] munmap(0x7f3e3da25000, 1048576) = 0 [pid 454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 454] close(3) = 0 [pid 454] mkdir("./file0", 0777) = 0 [pid 454] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 454] chdir("./file0") = 0 [pid 454] ioctl(4, LOOP_CLR_FD) = 0 [pid 454] close(4) = 0 [pid 454] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 454] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 453] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 454] <... openat resumed>) = 4 [pid 454] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 453] <... futex resumed>) = 0 [pid 454] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 453] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 454] <... mmap resumed>) = 0x20000000 [pid 453] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 453] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 458 attached , parent_tid=[458], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 458 [pid 458] set_robust_list(0x7f3e3db249e0, 24 [pid 453] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 458] <... set_robust_list resumed>) = 0 [pid 453] <... futex resumed>) = 0 [pid 458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 458] +++ killed by SIGBUS +++ [pid 454] +++ killed by SIGBUS +++ [pid 453] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=453, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./22/binderfs") = 0 [ 35.235028][ T454] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 459 attached , child_tidptr=0x555555a3b5d0) = 459 [pid 459] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 459] chdir("./23") = 0 [pid 459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 459] setpgid(0, 0) = 0 [pid 459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 459] write(3, "1000", 4) = 4 [pid 459] close(3) = 0 [pid 459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 459] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 459] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[460], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 460 [pid 459] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 460 attached [pid 460] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 460] memfd_create("syzkaller", 0) = 3 [pid 460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 460] munmap(0x7f3e3da25000, 1048576) = 0 [pid 460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 460] close(3) = 0 [pid 460] mkdir("./file0", 0777) = 0 [pid 460] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 460] chdir("./file0") = 0 [pid 460] ioctl(4, LOOP_CLR_FD) = 0 [pid 460] close(4) = 0 [pid 460] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 1 [pid 460] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 460] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 459] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[464], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 464 [pid 459] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 459] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 459] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[465], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 465 [pid 459] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 459] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 1 [pid 460] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 460] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 460] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 465 attached [pid 465] set_robust_list(0x7f3e3db039e0, 24) = 0 [pid 465] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 465] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 459] <... futex resumed>) = 0 [pid 459] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 459] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 460] <... futex resumed>) = 0 [pid 460] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 459] <... futex resumed>) = ? [pid 465] <... futex resumed>) = ? ./strace-static-x86_64: Process 464 attached [pid 460] +++ killed by SIGBUS +++ [pid 465] +++ killed by SIGBUS +++ [pid 464] +++ killed by SIGBUS +++ [pid 459] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./23/binderfs") = 0 [ 35.375283][ T460] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 466 ./strace-static-x86_64: Process 466 attached [pid 466] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 466] chdir("./24") = 0 [pid 466] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 466] setpgid(0, 0) = 0 [pid 466] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 466] write(3, "1000", 4) = 4 [pid 466] close(3) = 0 [pid 466] symlink("/dev/binderfs", "./binderfs") = 0 [pid 466] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 466] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 466] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[467], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 467 ./strace-static-x86_64: Process 467 attached [pid 466] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 467] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 467] memfd_create("syzkaller", 0) = 3 [pid 467] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 467] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 467] munmap(0x7f3e3da25000, 1048576) = 0 [pid 467] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 467] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 467] close(3) = 0 [pid 467] mkdir("./file0", 0777) = 0 [pid 467] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 467] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 467] chdir("./file0") = 0 [pid 467] ioctl(4, LOOP_CLR_FD) = 0 [pid 467] close(4) = 0 [pid 467] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 467] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 467] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 466] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 466] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[471], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 471 [pid 466] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 466] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 466] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 466] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 467] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 466] <... clone resumed>, parent_tid=[472], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 472 [pid 466] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 467] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 472 attached [pid 466] <... futex resumed>) = 0 [pid 466] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 471 attached [pid 471] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 471] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 466] <... futex resumed>) = ? [pid 472] +++ killed by SIGBUS +++ [pid 467] +++ killed by SIGBUS +++ [pid 471] +++ killed by SIGBUS +++ [pid 466] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=466, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./24/binderfs") = 0 [ 35.474731][ T467] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 473 ./strace-static-x86_64: Process 473 attached [pid 473] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 473] chdir("./25") = 0 [pid 473] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 473] setpgid(0, 0) = 0 [pid 473] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 473] write(3, "1000", 4) = 4 [pid 473] close(3) = 0 [pid 473] symlink("/dev/binderfs", "./binderfs") = 0 [pid 473] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 473] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 473] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 474 attached , parent_tid=[474], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 474 [pid 474] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 474] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 473] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] <... futex resumed>) = 0 [pid 474] memfd_create("syzkaller", 0 [pid 473] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 474] <... memfd_create resumed>) = 3 [pid 474] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 474] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 474] munmap(0x7f3e3da25000, 1048576) = 0 [pid 474] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 474] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 474] close(3) = 0 [pid 474] mkdir("./file0", 0777) = 0 [pid 474] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 474] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 474] chdir("./file0") = 0 [pid 474] ioctl(4, LOOP_CLR_FD) = 0 [pid 474] close(4) = 0 [pid 474] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 473] <... futex resumed>) = 0 [pid 474] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 473] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 474] <... futex resumed>) = 0 [pid 473] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 474] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 474] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 473] <... futex resumed>) = 0 [pid 473] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 473] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 473] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[478], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 478 [pid 473] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 473] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 473] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[479], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 479 [pid 473] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 473] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 478 attached ./strace-static-x86_64: Process 479 attached [pid 474] <... futex resumed>) = 1 [pid 474] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0) = 0x20000000 [pid 474] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 474] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 479] set_robust_list(0x7f3e3db039e0, 24 [pid 478] set_robust_list(0x7f3e3db249e0, 24 [pid 479] <... set_robust_list resumed>) = 0 [pid 478] <... set_robust_list resumed>) = 0 [pid 479] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 478] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 473] <... futex resumed>) = ? [pid 474] <... futex resumed>) = ? [pid 479] +++ killed by SIGBUS +++ [pid 474] +++ killed by SIGBUS +++ [pid 478] +++ killed by SIGBUS +++ [pid 473] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=473, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./25/binderfs") = 0 [ 35.625294][ T474] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 480 ./strace-static-x86_64: Process 480 attached [pid 480] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 480] chdir("./26") = 0 [pid 480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 480] setpgid(0, 0) = 0 [pid 480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 480] write(3, "1000", 4) = 4 [pid 480] close(3) = 0 [pid 480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 480] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 480] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 480] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[481], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 481 [pid 480] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 481 attached [pid 481] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 481] memfd_create("syzkaller", 0) = 3 [pid 481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 481] munmap(0x7f3e3da25000, 1048576) = 0 [pid 481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 481] close(3) = 0 [pid 481] mkdir("./file0", 0777) = 0 [pid 481] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 481] chdir("./file0") = 0 [pid 481] ioctl(4, LOOP_CLR_FD) = 0 [pid 481] close(4) = 0 [pid 481] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... futex resumed>) = 0 [pid 481] <... futex resumed>) = 1 [pid 480] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 480] <... futex resumed>) = 0 [pid 480] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 481] <... openat resumed>) = 4 [pid 481] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 480] <... futex resumed>) = 0 [pid 480] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 481] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 480] <... futex resumed>) = 0 [pid 480] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 481] <... mmap resumed>) = 0x20000000 [pid 481] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 480] <... mmap resumed>) = 0x7f3e3db04000 [pid 480] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 480] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[485], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 485 [pid 480] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 480] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 481] <... futex resumed>) = 1 ./strace-static-x86_64: Process 485 attached [pid 480] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 481] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 485] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 481] <... socket resumed>) = 5 [pid 481] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 481] <... futex resumed>) = 1 [pid 480] <... futex resumed>) = 0 [pid 481] +++ killed by SIGBUS +++ [pid 485] +++ killed by SIGBUS +++ [pid 480] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=480, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./26/binderfs") = 0 [ 35.775072][ T481] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 486 ./strace-static-x86_64: Process 486 attached [pid 486] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 486] chdir("./27") = 0 [pid 486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 486] setpgid(0, 0) = 0 [pid 486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 486] write(3, "1000", 4) = 4 [pid 486] close(3) = 0 [pid 486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 486] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 486] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 486] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 487 attached , parent_tid=[487], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 487 [pid 486] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 487] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 487] memfd_create("syzkaller", 0) = 3 [pid 487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 487] munmap(0x7f3e3da25000, 1048576) = 0 [pid 487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 487] close(3) = 0 [pid 487] mkdir("./file0", 0777) = 0 [pid 487] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 487] chdir("./file0") = 0 [pid 487] ioctl(4, LOOP_CLR_FD) = 0 [pid 487] close(4) = 0 [pid 487] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 486] <... futex resumed>) = 0 [pid 487] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 486] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 487] <... openat resumed>) = 4 [pid 487] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 486] <... futex resumed>) = 0 [pid 486] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 486] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 486] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[491], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 491 [pid 486] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 487] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 487] <... mmap resumed>) = 0x20000000 [pid 486] <... mmap resumed>) = 0x7f3e3dae3000 [pid 486] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 487] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 486] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 487] <... futex resumed>) = 0 [pid 487] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 486] <... clone resumed>, parent_tid=[492], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 492 [pid 486] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 486] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 492 attached ./strace-static-x86_64: Process 491 attached [pid 492] set_robust_list(0x7f3e3db039e0, 24 [pid 491] set_robust_list(0x7f3e3db249e0, 24 [pid 492] <... set_robust_list resumed>) = 0 [pid 491] <... set_robust_list resumed>) = 0 [pid 492] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 492] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 491] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200002c2} --- [pid 492] <... futex resumed>) = 1 [pid 486] <... futex resumed>) = ? [pid 487] <... futex resumed>) = ? [pid 492] +++ killed by SIGBUS +++ [pid 487] +++ killed by SIGBUS +++ [pid 491] +++ killed by SIGBUS +++ [pid 486] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=486, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./27/binderfs") = 0 [ 35.875028][ T487] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 493 ./strace-static-x86_64: Process 493 attached [pid 493] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 493] chdir("./28") = 0 [pid 493] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 493] setpgid(0, 0) = 0 [pid 493] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 493] write(3, "1000", 4) = 4 [pid 493] close(3) = 0 [pid 493] symlink("/dev/binderfs", "./binderfs") = 0 [pid 493] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 493] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[494], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 494 [pid 493] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 494 attached [pid 494] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 494] memfd_create("syzkaller", 0) = 3 [pid 494] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 494] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 494] munmap(0x7f3e3da25000, 1048576) = 0 [pid 494] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 494] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 494] close(3) = 0 [pid 494] mkdir("./file0", 0777) = 0 [pid 494] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 494] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 494] chdir("./file0") = 0 [pid 494] ioctl(4, LOOP_CLR_FD) = 0 [pid 494] close(4) = 0 [pid 494] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000) = 4 [pid 494] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 493] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[498], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 498 [pid 493] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 493] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 493] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[499], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 499 [pid 493] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 498 attached [pid 498] set_robust_list(0x7f3e3db249e0, 24) = 0 [pid 498] write(4, "#! ./file0 \n", 12 [pid 494] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0./strace-static-x86_64: Process 499 attached [pid 498] <... write resumed>) = 12 [pid 498] write(4, "#! ./file0 \n", 12) = 12 [pid 498] write(4, "#! ./file0 \n", 12) = 12 [pid 498] write(4, "#! ./file0 \n", 12) = 12 [pid 498] write(4, "#! ./file0 \n", 12) = 12 [pid 498] write(4, 0x200002c0, 12 [pid 494] <... mmap resumed>) = 0x20000000 [pid 494] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 499] set_robust_list(0x7f3e3db039e0, 24 [pid 498] <... write resumed>) = 12 [pid 498] write(4, 0x200002c0, 12 [pid 499] <... set_robust_list resumed>) = 0 [pid 494] <... futex resumed>) = 0 [pid 494] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 499] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP) = 5 [pid 499] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 499] futex(0x7f3e45f1e7c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 493] <... futex resumed>) = 0 [pid 493] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 493] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 494] <... futex resumed>) = 0 [ 36.065709][ T494] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 36.089097][ T498] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 493] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 493] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 498] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 494] openat(AT_FDCWD, 0x200000c0, O_RDONLY|O_NOFOLLOW|O_NOATIME [pid 498] write(4, 0x200002c0, 12 [pid 494] <... openat resumed>) = -1 ELOOP (Too many levels of symbolic links) [pid 494] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 36.104033][ T498] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 36.117009][ T498] EXT4-fs (loop0): This should not happen!! Data will be lost [ 36.117009][ T498] [ 36.126661][ T498] EXT4-fs (loop0): Total free blocks count 0 [ 36.132634][ T498] EXT4-fs (loop0): Free/Dirty block details [ 36.138646][ T498] EXT4-fs (loop0): free_blocks=2415919104 [ 36.144433][ T498] EXT4-fs (loop0): dirty_blocks=16 [ 36.149657][ T498] EXT4-fs (loop0): Block reservation details [ 36.155799][ T498] EXT4-fs (loop0): i_reserved_data_blocks=1 [pid 494] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 498] <... write resumed>) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [ 36.163544][ T498] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 36.175758][ T498] EXT4-fs (loop0): This should not happen!! Data will be lost [ 36.175758][ T498] [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] write(4, 0x200002c0, 12) = -1 ENOSPC (No space left on device) [pid 498] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 493] exit_group(0 [pid 499] <... futex resumed>) = ? [pid 494] <... futex resumed>) = ? [pid 493] <... exit_group resumed>) = ? [pid 499] +++ exited with 0 +++ [pid 494] +++ exited with 0 +++ [pid 498] +++ exited with 0 +++ [pid 493] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=493, si_uid=0, si_status=0, si_utime=0, si_stime=11} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./28/binderfs") = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555a44660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555a44660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555555a3c620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555555a3b5d0) = 500 ./strace-static-x86_64: Process 500 attached [pid 500] set_robust_list(0x555555a3b5e0, 24) = 0 [pid 500] chdir("./29") = 0 [pid 500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 500] setpgid(0, 0) = 0 [pid 500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 500] write(3, "1000", 4) = 4 [pid 500] close(3) = 0 [pid 500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 500] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e45e25000 [pid 500] mprotect(0x7f3e45e26000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 500] clone(child_stack=0x7f3e45e453f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[501], tls=0x7f3e45e45700, child_tidptr=0x7f3e45e459d0) = 501 [pid 500] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 501 attached [pid 501] set_robust_list(0x7f3e45e459e0, 24) = 0 [pid 501] memfd_create("syzkaller", 0) = 3 [pid 501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3e3da25000 [pid 501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 501] munmap(0x7f3e3da25000, 1048576) = 0 [pid 501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 501] close(3) = 0 [pid 501] mkdir("./file0", 0777) = 0 [pid 501] mount("/dev/loop0", "./file0", "ext4", MS_SYNCHRONOUS|MS_NOATIME|MS_NODIRATIME|MS_REC, ",errors=continue") = 0 [pid 501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 501] chdir("./file0") = 0 [pid 501] ioctl(4, LOOP_CLR_FD) = 0 [pid 501] close(4) = 0 [pid 501] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 501] openat(AT_FDCWD, "blkio.throttle.io_service_bytes", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_APPEND|FASYNC|0x18, 000 [pid 500] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f3e45f1e7ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 501] <... openat resumed>) = 4 [pid 501] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 500] <... futex resumed>) = 0 [pid 501] mmap(0x20000000, 11755520, PROT_WRITE|PROT_GROWSUP, MAP_SHARED|MAP_FIXED|MAP_POPULATE|MAP_STACK, 4, 0 [pid 500] futex(0x7f3e45f1e7a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] futex(0x7f3e45f1e7bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3db04000 [pid 500] mprotect(0x7f3e3db05000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 500] clone(child_stack=0x7f3e3db243f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 505 attached , parent_tid=[505], tls=0x7f3e3db24700, child_tidptr=0x7f3e3db249d0) = 505 [pid 505] set_robust_list(0x7f3e3db249e0, 24 [pid 500] futex(0x7f3e45f1e7b8, FUTEX_WAKE_PRIVATE, 1000000 [pid 505] <... set_robust_list resumed>) = 0 [pid 505] write(4, "#! ./file0 \n", 12 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3e3dae3000 [pid 500] mprotect(0x7f3e3dae4000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 500] clone(child_stack=0x7f3e3db033f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID [pid 505] <... write resumed>) = 12 [pid 505] write(4, "#! ./file0 \n", 12./strace-static-x86_64: Process 506 attached [pid 500] <... clone resumed>, parent_tid=[506], tls=0x7f3e3db03700, child_tidptr=0x7f3e3db039d0) = 506 [pid 500] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 506] set_robust_list(0x7f3e3db039e0, 24 [pid 500] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] <... write resumed>) = 12 [pid 505] write(4, "#! ./file0 \n", 12 [pid 506] <... set_robust_list resumed>) = 0 [pid 506] socket(AF_INET6, SOCK_DGRAM, IPPROTO_IP [pid 505] <... write resumed>) = 12 [pid 505] write(4, "#! ./file0 \n", 12 [pid 506] <... socket resumed>) = 5 [pid 506] futex(0x7f3e45f1e7cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 500] <... futex resumed>) = 0 [pid 505] <... write resumed>) = 12 [pid 500] futex(0x7f3e45f1e7c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 506] <... futex resumed>) = 1 [pid 501] <... mmap resumed>) = 0x20000000 [pid 500] <... futex resumed>) = 0 [pid 500] futex(0x7f3e45f1e7cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 505] write(4, 0x200002c0, 12) = 12 [pid 505] write(4, 0x200002c0, 12 [pid 501] futex(0x7f3e45f1e7ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 36.374957][ T501] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue [ 36.410573][ T506] EXT4-fs error (device loop0): ext4_mb_generate_buddy:747: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [pid 501] futex(0x7f3e45f1e7a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 506] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x200000d0} --- [pid 500] <... futex resumed>) = ? [pid 501] <... futex resumed>) = ? [ 36.425802][ T505] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28 [ 36.438099][ T505] EXT4-fs (loop0): This should not happen!! Data will be lost [ 36.438099][ T505] [ 36.447747][ T505] EXT4-fs (loop0): Total free blocks count 0 [ 36.453893][ T505] EXT4-fs (loop0): Free/Dirty block details [ 36.459793][ T505] EXT4-fs (loop0): free_blocks=2415919104 [ 36.465654][ T505] EXT4-fs (loop0): dirty_blocks=16 [pid 505] <... write resumed>) = ? [pid 505] +++ killed by SIGBUS +++ [pid 501] +++ killed by SIGBUS +++ [pid 506] +++ killed by SIGBUS +++ [pid 500] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=500, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=7} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555a3c620 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./29/binderfs") = 0 [ 36.470778][ T505] EXT4-fs (loop0): Block reservation details [ 36.476787][ T505] EXT4-fs (loop0): i_reserved_data_blocks=1 [ 36.489885][ T172] ------------[ cut here ]------------ [ 36.495466][ T172] kernel BUG at fs/ext4/inode.c:2851! [ 36.501198][ T172] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 36.507346][ T172] CPU: 0 PID: 172 Comm: kworker/u4:2 Not tainted 5.4.225-syzkaller-00005-g66c3e3ab77a2 #0 [ 36.517234][ T172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/16/2023 [ 36.527278][ T172] Workqueue: writeback wb_workfn (flush-7:0) [ 36.533268][ T172] RIP: 0010:ext4_writepages+0x3a16/0x3a40 [ 36.539137][ T172] Code: 7a a2 ff 31 ff 89 de e8 f8 79 a2 ff 45 84 f6 75 2e e8 de 77 a2 ff 49 bd 00 00 00 00 00 fc ff df e9 6e f9 ff ff e8 ca 77 a2 ff <0f> 0b e8 c3 77 a2 ff 0f 0b e8 bc 77 a2 ff e8 f7 87 3f ff eb 8f e8 [ 36.558978][ T172] RSP: 0018:ffff8881e4fcf100 EFLAGS: 00010293 [ 36.565045][ T172] RAX: ffffffff81c0beb6 RBX: 0000010000000000 RCX: ffff8881ec3a8000 [ 36.573145][ T172] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 36.581129][ T172] RBP: ffff8881e4fcf4f0 R08: ffffffff81c08c9f R09: ffffed103b61970c [ 36.589200][ T172] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881db0cb908 [ 36.597353][ T172] R13: dffffc0000000000 R14: 0000010410000000 R15: ffff8881e4fcf3c0 [ 36.605332][ T172] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 36.614588][ T172] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.621170][ T172] CR2: 00007f3e3db03718 CR3: 00000001ed5a6000 CR4: 00000000003406f0 [ 36.629320][ T172] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.637915][ T172] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.647240][ T172] Call Trace: [ 36.651636][ T172] ? __find_get_block+0xc9c/0x10b0 [ 36.656846][ T172] ? write_boundary_block+0x150/0x150 [ 36.662395][ T172] ? ext4_readpage+0x2e0/0x2e0 [ 36.667590][ T172] ? __getblk_gfp+0x3a/0x720 [ 36.672461][ T172] ? ext4_get_group_desc+0x253/0x2a0 [ 36.677992][ T172] ? __ext4_get_inode_loc+0x612/0xe40 [ 36.683698][ T172] ? deref_stack_reg+0x15c/0x1f0 [ 36.688718][ T172] ? ext4_readpage+0x2e0/0x2e0 [ 36.693912][ T172] do_writepages+0x12b/0x270 [ 36.698491][ T172] ? __writepage+0x110/0x110 [ 36.703063][ T172] ? _raw_spin_lock+0xa4/0x1b0 [ 36.707806][ T172] ? _raw_spin_trylock_bh+0x190/0x190 [ 36.713879][ T172] ? _raw_spin_lock+0xa4/0x1b0 [ 36.718649][ T172] __writeback_single_inode+0xd9/0xcc0 [ 36.724585][ T172] writeback_sb_inodes+0xa2c/0x1990 [ 36.729880][ T172] ? queue_io+0x500/0x500 [ 36.734455][ T172] ? queue_io+0x358/0x500 [ 36.738994][ T172] wb_writeback+0x403/0xd70 [ 36.743837][ T172] ? wb_io_lists_depopulated+0x170/0x170 [ 36.750157][ T172] ? __kthread_should_park+0xa6/0xe0 [ 36.756082][ T172] ? kthread_data+0x4e/0xc0 [ 36.761116][ T172] wb_workfn+0x3a9/0x10c0 [ 36.765795][ T172] ? inode_wait_for_writeback+0x280/0x280 [ 36.771595][ T172] ? dequeue_task_fair+0x657/0x11c0 [ 36.776971][ T172] ? _raw_spin_unlock_irq+0x4a/0x60 [ 36.783438][ T172] ? finish_task_switch+0x127/0x560 [ 36.788623][ T172] ? __schedule+0xb03/0x12a0 [ 36.793287][ T172] ? _raw_spin_lock_irqsave+0x210/0x210 [ 36.799572][ T172] ? read_word_at_a_time+0xe/0x20 [ 36.805133][ T172] ? strscpy+0x89/0x220 [ 36.809638][ T172] process_one_work+0x765/0xd20 [ 36.814960][ T172] worker_thread+0xaef/0x1470 [ 36.820269][ T172] kthread+0x2da/0x360 [ 36.824409][ T172] ? worker_clr_flags+0x170/0x170 [ 36.829678][ T172] ? kthread_destroy_worker+0x200/0x200 [ 36.835538][ T172] ret_from_fork+0x1f/0x30 [ 36.840022][ T172] Modules linked in: [ 36.844308][ T172] ---[ end trace db51c5e6e2777e6f ]--- [ 36.850379][ T172] RIP: 0010:ext4_writepages+0x3a16/0x3a40 [ 36.856245][ T172] Code: 7a a2 ff 31 ff 89 de e8 f8 79 a2 ff 45 84 f6 75 2e e8 de 77 a2 ff 49 bd 00 00 00 00 00 fc ff df e9 6e f9 ff ff e8 ca 77 a2 ff <0f> 0b e8 c3 77 a2 ff 0f 0b e8 bc 77 a2 ff e8 f7 87 3f ff eb 8f e8 [ 36.876790][ T172] RSP: 0018:ffff8881e4fcf100 EFLAGS: 00010293 [ 36.883838][ T172] RAX: ffffffff81c0beb6 RBX: 0000010000000000 RCX: ffff8881ec3a8000 [ 36.892336][ T172] RDX: 0000000000000000 RSI: 0000010000000000 RDI: 0000000000000000 [ 36.900903][ T172] RBP: ffff8881e4fcf4f0 R08: ffffffff81c08c9f R09: ffffed103b61970c [ 36.909198][ T172] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881db0cb908 [ 36.918096][ T172] R13: dffffc0000000000 R14: 0000010410000000 R15: ffff8881e4fcf3c0 [ 36.926930][ T172] FS: 0000000000000000(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 36.936352][ T172] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 36.943577][ T172] CR2: 00007f3e3db03718 CR3: 00000001ed5a6000 CR4: 00000000003406f0 [ 36.952056][ T172] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 36.960440][ T172] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 36.968862][ T172] Kernel panic - not syncing: Fatal exception [ 36.975484][ T172] Kernel Offset: disabled [ 36.979882][ T172] Rebooting in 86400 seconds..