./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor2706179517 <...> [ 11.262775][ T30] audit: type=1400 audit(1669521321.680:60): avc: denied { transition } for pid=317 comm="sshd" path="/bin/sh" dev="sda1" ino=73 scontext=system_u:system_r:initrc_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 11.267031][ T30] audit: type=1400 audit(1669521321.680:61): avc: denied { write } for pid=317 comm="sh" path="pipe:[12981]" dev="pipefs" ino=12981 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:initrc_t tclass=fifo_file permissive=1 [ 12.191879][ T318] sshd (318) used greatest stack depth: 22720 bytes left Warning: Permanently added '10.128.0.133' (ECDSA) to the list of known hosts. execve("./syz-executor2706179517", ["./syz-executor2706179517"], 0x7ffce55b2350 /* 10 vars */) = 0 brk(NULL) = 0x555555688000 brk(0x555555688c40) = 0x555555688c40 arch_prctl(ARCH_SET_FS, 0x555555688300) = 0 uname({sysname="Linux", nodename="syzkaller", ...}) = 0 set_tid_address(0x5555556885d0) = 406 set_robust_list(0x5555556885e0, 24) = 0 rt_sigaction(SIGRTMIN, {sa_handler=0x7fe81c3f14d0, sa_mask=[], sa_flags=SA_RESTORER|SA_SIGINFO, sa_restorer=0x7fe81c3f1ba0}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7fe81c3f1570, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7fe81c3f1ba0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor2706179517", 4096) = 28 brk(0x5555556a9c40) = 0x5555556a9c40 brk(0x5555556aa000) = 0x5555556aa000 mprotect(0x7fe81c4b3000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 getpid() = 406 mkdir("./syzkaller.JS5EJU", 0700) = 0 chmod("./syzkaller.JS5EJU", 0777) = 0 chdir("./syzkaller.JS5EJU") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 408 ./strace-static-x86_64: Process 408 attached [pid 408] set_robust_list(0x5555556885e0, 24) = 0 [pid 408] chdir("./0") = 0 [pid 408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 408] setpgid(0, 0) = 0 [pid 408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 408] write(3, "1000", 4) = 4 [pid 408] close(3) = 0 [pid 408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 408] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 408] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[409], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 409 ./strace-static-x86_64: Process 409 attached [pid 408] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 409] set_robust_list(0x7fe81c3e09e0, 24 [pid 408] <... futex resumed>) = 0 [pid 409] <... set_robust_list resumed>) = 0 [pid 408] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 409] memfd_create("syzkaller", 0) = 3 [pid 409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 409] munmap(0x7fe813fc0000, 1048576) = 0 [pid 409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 409] close(3) = 0 [pid 409] mkdir("./file0", 0777) = 0 [ 18.587841][ T30] audit: type=1400 audit(1669521329.010:62): avc: denied { execmem } for pid=406 comm="syz-executor270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 18.590884][ T30] audit: type=1400 audit(1669521329.010:63): avc: denied { read write } for pid=406 comm="syz-executor270" name="loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 18.594832][ T30] audit: type=1400 audit(1669521329.010:64): avc: denied { open } for pid=406 comm="syz-executor270" path="/dev/loop0" dev="devtmpfs" ino=111 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 18.598817][ T30] audit: type=1400 audit(1669521329.010:65): avc: denied { ioctl } for pid=406 comm="syz-executor270" path="/dev/loop0" dev="devtmpfs" ino=111 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 18.612737][ T409] loop0: detected capacity change from 0 to 2048 [ 18.620117][ T30] audit: type=1400 audit(1669521329.040:66): avc: denied { mounton } for pid=408 comm="syz-executor270" path="/root/syzkaller.JS5EJU/0/file0" dev="sda1" ino=1141 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 18.657255][ T409] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 409] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 409] chdir("./file0") = 0 [pid 409] ioctl(4, LOOP_CLR_FD) = 0 [pid 409] close(4) = 0 [pid 409] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 409] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 409] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 408] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 0 [pid 409] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 409] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] open("./bus", O_RDWR) = 5 [pid 409] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 408] <... futex resumed>) = 0 [pid 408] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 408] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 408] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[413], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 413 [pid 408] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 408] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 409] <... futex resumed>) = 1 [pid 409] write(4, 0x20000f80, 9) = 9 [pid 409] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 409] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 413 attached [pid 413] set_robust_list(0x7fe8140bf9e0, 24) = 0 [pid 413] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 409] <... futex resumed>) = ? [pid 408] <... futex resumed>) = ? [pid 409] +++ killed by SIGBUS +++ [pid 413] +++ killed by SIGBUS +++ [pid 408] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=408, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555689620 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./0/binderfs") = 0 [ 18.667826][ T30] audit: type=1400 audit(1669521329.090:67): avc: denied { mount } for pid=408 comm="syz-executor270" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 18.690488][ T30] audit: type=1400 audit(1669521329.110:68): avc: denied { write } for pid=408 comm="syz-executor270" name="/" dev="loop0" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 18.707311][ T413] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 18.712991][ T30] audit: type=1400 audit(1669521329.110:69): avc: denied { add_name } for pid=408 comm="syz-executor270" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 18.747316][ T30] audit: type=1400 audit(1669521329.110:70): avc: denied { create } for pid=408 comm="syz-executor270" name="bus" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 18.767494][ T30] audit: type=1400 audit(1669521329.110:71): avc: denied { read write open } for pid=408 comm="syz-executor270" path="/root/syzkaller.JS5EJU/0/file0/bus" dev="loop0" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555691660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555691660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555555689620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 415 ./strace-static-x86_64: Process 415 attached [pid 415] set_robust_list(0x5555556885e0, 24) = 0 [pid 415] chdir("./1") = 0 [pid 415] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 415] setpgid(0, 0) = 0 [pid 415] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 415] write(3, "1000", 4) = 4 [pid 415] close(3) = 0 [pid 415] symlink("/dev/binderfs", "./binderfs") = 0 [pid 415] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 415] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 416 attached , parent_tid=[416], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 416 [pid 415] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 416] set_robust_list(0x7fe81c3e09e0, 24 [pid 415] <... futex resumed>) = 0 [pid 416] <... set_robust_list resumed>) = 0 [pid 415] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 416] memfd_create("syzkaller", 0) = 3 [pid 416] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 416] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 416] munmap(0x7fe813fc0000, 1048576) = 0 [pid 416] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 416] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 416] close(3) = 0 [pid 416] mkdir("./file0", 0777) = 0 [pid 416] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 416] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 416] chdir("./file0") = 0 [pid 416] ioctl(4, LOOP_CLR_FD) = 0 [pid 416] close(4) = 0 [pid 416] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] <... futex resumed>) = 0 [pid 416] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000 [pid 415] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... open resumed>) = 4 [pid 416] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 416] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 416] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 415] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 0 [pid 416] open("./bus", O_RDWR) = 5 [pid 416] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 415] <... futex resumed>) = 0 [pid 416] <... futex resumed>) = 1 [pid 415] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 415] <... futex resumed>) = 0 [pid 415] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 415] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 415] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[419], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 419 [pid 415] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 415] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 416] <... futex resumed>) = 1 [pid 416] write(4, 0x20000f80, 9./strace-static-x86_64: Process 419 attached [pid 419] set_robust_list(0x7fe8140bf9e0, 24) = 0 [pid 416] <... write resumed>) = 9 [pid 416] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 18.866239][ T416] loop0: detected capacity change from 0 to 2048 [ 18.876960][ T416] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 416] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 419] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 416] <... futex resumed>) = ? [pid 415] <... futex resumed>) = ? [pid 416] +++ killed by SIGBUS +++ [pid 419] +++ killed by SIGBUS +++ [pid 415] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=415, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555689620 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./1/binderfs") = 0 [ 18.902214][ T419] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 18.917245][ T415] syz-executor270 (415) used greatest stack depth: 22400 bytes left umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555691660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555691660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555555689620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 420 ./strace-static-x86_64: Process 420 attached [pid 420] set_robust_list(0x5555556885e0, 24) = 0 [pid 420] chdir("./2") = 0 [pid 420] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 420] setpgid(0, 0) = 0 [pid 420] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 420] write(3, "1000", 4) = 4 [pid 420] close(3) = 0 [pid 420] symlink("/dev/binderfs", "./binderfs") = 0 [pid 420] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 420] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 420] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 421 attached [pid 421] set_robust_list(0x7fe81c3e09e0, 24 [pid 420] <... clone resumed>, parent_tid=[421], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 421 [pid 420] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 421] <... set_robust_list resumed>) = 0 [pid 420] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 421] memfd_create("syzkaller", 0) = 3 [pid 421] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 421] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 421] munmap(0x7fe813fc0000, 1048576) = 0 [pid 421] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 421] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 421] close(3) = 0 [pid 421] mkdir("./file0", 0777) = 0 [pid 421] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 421] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 421] chdir("./file0") = 0 [pid 421] ioctl(4, LOOP_CLR_FD) = 0 [pid 421] close(4) = 0 [pid 421] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 421] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 420] <... futex resumed>) = 0 [pid 420] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 421] <... futex resumed>) = 0 [pid 420] <... futex resumed>) = 1 [pid 420] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 421] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 421] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 420] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... write resumed>) = 9 [pid 421] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 421] open("./bus", O_RDWR [pid 420] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... open resumed>) = 5 [pid 421] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 421] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 420] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... mmap resumed>) = 0x20000000 [pid 421] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 420] <... futex resumed>) = 0 [pid 421] write(4, 0x20000f80, 9 [pid 420] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 420] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 420] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 421] <... write resumed>) = 9 [pid 420] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 424 attached [pid 424] set_robust_list(0x7fe8140bf9e0, 24) = 0 [pid 424] futex(0x7fe81c4b97b8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 421] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 420] <... clone resumed>, parent_tid=[424], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 424 [pid 420] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 424] <... futex resumed>) = 0 [pid 420] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 421] <... futex resumed>) = 0 [ 19.022790][ T421] loop0: detected capacity change from 0 to 2048 [ 19.036908][ T421] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 421] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 424] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 420] <... futex resumed>) = ? [pid 421] <... futex resumed>) = ? [pid 421] +++ killed by SIGBUS +++ [pid 424] +++ killed by SIGBUS +++ [pid 420] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=420, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555689620 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./2/binderfs") = 0 [ 19.062263][ T424] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555691660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555691660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555555689620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 425 ./strace-static-x86_64: Process 425 attached [pid 425] set_robust_list(0x5555556885e0, 24) = 0 [pid 425] chdir("./3") = 0 [pid 425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 425] setpgid(0, 0) = 0 [pid 425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 425] write(3, "1000", 4) = 4 [pid 425] close(3) = 0 [pid 425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 425] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 425] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 425] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID./strace-static-x86_64: Process 426 attached , parent_tid=[426], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 426 [pid 426] set_robust_list(0x7fe81c3e09e0, 24) = 0 [pid 426] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 425] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 426] <... futex resumed>) = 0 [pid 426] memfd_create("syzkaller", 0 [pid 425] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 426] <... memfd_create resumed>) = 3 [pid 426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 426] munmap(0x7fe813fc0000, 1048576) = 0 [pid 426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 426] close(3) = 0 [pid 426] mkdir("./file0", 0777) = 0 [pid 426] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 426] chdir("./file0") = 0 [pid 426] ioctl(4, LOOP_CLR_FD) = 0 [pid 426] close(4) = 0 [pid 426] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 1 [pid 426] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 426] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 1 [pid 426] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 426] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 1 [pid 426] open("./bus", O_RDWR) = 5 [pid 426] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 1 [pid 426] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 425] <... futex resumed>) = 0 [pid 425] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 425] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 425] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[429], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 429 [pid 425] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 425] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 426] <... futex resumed>) = 1 [pid 426] write(4, 0x20000f80, 9) = 9 [pid 426] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 426] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 429 attached [pid 429] set_robust_list(0x7fe8140bf9e0, 24) = 0 [pid 429] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 426] <... futex resumed>) = ? [pid 425] <... futex resumed>) = ? [pid 426] +++ killed by SIGBUS +++ [pid 429] +++ killed by SIGBUS +++ [pid 425] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=425, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555689620 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./3/binderfs") = 0 [ 19.184136][ T426] loop0: detected capacity change from 0 to 2048 [ 19.197156][ T426] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 19.212507][ T429] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555691660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555691660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555555689620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 430 ./strace-static-x86_64: Process 430 attached [pid 430] set_robust_list(0x5555556885e0, 24) = 0 [pid 430] chdir("./4") = 0 [pid 430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 430] setpgid(0, 0) = 0 [pid 430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 430] write(3, "1000", 4) = 4 [pid 430] close(3) = 0 [pid 430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 430] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 430] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 430] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[431], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 431 ./strace-static-x86_64: Process 431 attached [pid 430] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 431] set_robust_list(0x7fe81c3e09e0, 24 [pid 430] <... futex resumed>) = 0 [pid 431] <... set_robust_list resumed>) = 0 [pid 430] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 431] memfd_create("syzkaller", 0) = 3 [pid 431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 431] munmap(0x7fe813fc0000, 1048576) = 0 [pid 431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 431] close(3) = 0 [pid 431] mkdir("./file0", 0777) = 0 [pid 431] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 431] chdir("./file0") = 0 [pid 431] ioctl(4, LOOP_CLR_FD) = 0 [pid 431] close(4) = 0 [pid 431] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... futex resumed>) = 1 [pid 431] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 431] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... futex resumed>) = 1 [pid 431] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 431] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 431] <... futex resumed>) = 1 [pid 430] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] open("./bus", O_RDWR) = 5 [pid 431] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 430] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 430] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... futex resumed>) = 1 [pid 431] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 430] <... futex resumed>) = 0 [pid 430] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 430] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 430] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[434], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 434 [pid 430] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 430] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 431] <... futex resumed>) = 1 [pid 431] write(4, 0x20000f80, 9./strace-static-x86_64: Process 434 attached [pid 434] set_robust_list(0x7fe8140bf9e0, 24) = 0 [pid 431] <... write resumed>) = 9 [pid 431] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 19.284195][ T431] loop0: detected capacity change from 0 to 2048 [ 19.297623][ T431] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 431] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 431] <... futex resumed>) = ? [pid 430] <... futex resumed>) = ? [pid 431] +++ killed by SIGBUS +++ [pid 434] +++ killed by SIGBUS +++ [pid 430] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=430, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555689620 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./4/binderfs") = 0 [ 19.320611][ T434] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555691660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555691660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555555689620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 435 ./strace-static-x86_64: Process 435 attached [pid 435] set_robust_list(0x5555556885e0, 24) = 0 [pid 435] chdir("./5") = 0 [pid 435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 435] setpgid(0, 0) = 0 [pid 435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 435] write(3, "1000", 4) = 4 [pid 435] close(3) = 0 [pid 435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 435] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 435] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 435] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[436], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 436 [pid 435] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 436 attached [pid 436] set_robust_list(0x7fe81c3e09e0, 24) = 0 [pid 436] memfd_create("syzkaller", 0) = 3 [pid 436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 436] munmap(0x7fe813fc0000, 1048576) = 0 [pid 436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 436] close(3) = 0 [pid 436] mkdir("./file0", 0777) = 0 [pid 436] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 436] chdir("./file0") = 0 [pid 436] ioctl(4, LOOP_CLR_FD) = 0 [pid 436] close(4) = 0 [pid 436] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 436] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 436] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] open("./bus", O_RDWR) = 5 [pid 436] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 435] <... futex resumed>) = 0 [pid 435] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 435] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 435] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[439], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 439 [pid 435] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 435] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 436] <... futex resumed>) = 1 [pid 436] write(4, 0x20000f80, 9) = 9 [pid 436] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 436] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 439 attached [pid 439] set_robust_list(0x7fe8140bf9e0, 24) = 0 [pid 439] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 435] <... futex resumed>) = ? [pid 436] <... futex resumed>) = ? [pid 436] +++ killed by SIGBUS +++ [pid 439] +++ killed by SIGBUS +++ [pid 435] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=435, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555689620 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./5/binderfs") = 0 [ 19.408127][ T436] loop0: detected capacity change from 0 to 2048 [ 19.426384][ T436] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 19.442657][ T439] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555691660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555691660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555555689620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 441 ./strace-static-x86_64: Process 441 attached [pid 441] set_robust_list(0x5555556885e0, 24) = 0 [pid 441] chdir("./6") = 0 [pid 441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 441] setpgid(0, 0) = 0 [pid 441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 441] write(3, "1000", 4) = 4 [pid 441] close(3) = 0 [pid 441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 441] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 441] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[442], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 442 [pid 441] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 442 attached [pid 442] set_robust_list(0x7fe81c3e09e0, 24) = 0 [pid 442] memfd_create("syzkaller", 0) = 3 [pid 442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 442] munmap(0x7fe813fc0000, 1048576) = 0 [pid 442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 442] close(3) = 0 [pid 442] mkdir("./file0", 0777) = 0 [pid 442] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 442] chdir("./file0") = 0 [pid 442] ioctl(4, LOOP_CLR_FD) = 0 [pid 442] close(4) = 0 [pid 442] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 442] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 442] <... futex resumed>) = 0 [pid 441] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 442] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 442] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] open("./bus", O_RDWR) = 5 [pid 442] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 441] <... futex resumed>) = 0 [pid 441] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 441] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 441] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[445], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 445 [pid 441] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 441] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 442] <... futex resumed>) = 1 [pid 442] write(4, 0x20000f80, 9./strace-static-x86_64: Process 445 attached ) = 9 [pid 442] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 442] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 445] set_robust_list(0x7fe8140bf9e0, 24) = 0 [ 19.541318][ T442] loop0: detected capacity change from 0 to 2048 [ 19.556694][ T442] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 445] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 442] <... futex resumed>) = ? [pid 441] <... futex resumed>) = ? [pid 442] +++ killed by SIGBUS +++ [pid 445] +++ killed by SIGBUS +++ [pid 441] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555689620 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./6/binderfs") = 0 [ 19.580466][ T445] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555691660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555691660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555555689620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 446 ./strace-static-x86_64: Process 446 attached [pid 446] set_robust_list(0x5555556885e0, 24) = 0 [pid 446] chdir("./7") = 0 [pid 446] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 446] setpgid(0, 0) = 0 [pid 446] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 446] write(3, "1000", 4) = 4 [pid 446] close(3) = 0 [pid 446] symlink("/dev/binderfs", "./binderfs") = 0 [pid 446] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 446] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[447], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 447 [pid 446] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 447 attached [pid 447] set_robust_list(0x7fe81c3e09e0, 24) = 0 [pid 447] memfd_create("syzkaller", 0) = 3 [pid 447] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 447] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 447] munmap(0x7fe813fc0000, 1048576) = 0 [pid 447] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 447] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 447] close(3) = 0 [pid 447] mkdir("./file0", 0777) = 0 [pid 447] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 447] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 447] chdir("./file0") = 0 [pid 447] ioctl(4, LOOP_CLR_FD) = 0 [pid 447] close(4) = 0 [pid 447] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 447] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9) = 9 [pid 447] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] open("./bus", O_RDWR) = 5 [pid 447] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 446] <... futex resumed>) = 0 [pid 446] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 446] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 446] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[450], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 450 [pid 446] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 446] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 447] <... futex resumed>) = 1 [pid 447] write(4, 0x20000f80, 9) = 9 [pid 447] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 447] futex(0x7fe81c4b97a8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 450 attached [pid 450] set_robust_list(0x7fe8140bf9e0, 24) = 0 [ 19.700546][ T447] loop0: detected capacity change from 0 to 2048 [ 19.716472][ T447] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 450] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 447] <... futex resumed>) = ? [pid 446] <... futex resumed>) = ? [pid 447] +++ killed by SIGBUS +++ [pid 450] +++ killed by SIGBUS +++ [pid 446] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=446, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 fstat(3, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(3, 0x555555689620 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}) = 0 unlink("./7/binderfs") = 0 [ 19.744984][ T450] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) lstat("./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 fstat(4, {st_mode=S_IFDIR|0700, st_size=4096, ...}) = 0 getdents64(4, 0x555555691660 /* 2 entries */, 32768) = 48 getdents64(4, 0x555555691660 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555555689620 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x5555556885d0) = 451 ./strace-static-x86_64: Process 451 attached [pid 451] set_robust_list(0x5555556885e0, 24) = 0 [pid 451] chdir("./8") = 0 [pid 451] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 451] setpgid(0, 0) = 0 [pid 451] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 451] write(3, "1000", 4) = 4 [pid 451] close(3) = 0 [pid 451] symlink("/dev/binderfs", "./binderfs") = 0 [pid 451] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81c3c0000 [pid 451] mprotect(0x7fe81c3c1000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 451] clone(child_stack=0x7fe81c3e03f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[452], tls=0x7fe81c3e0700, child_tidptr=0x7fe81c3e09d0) = 452 [pid 451] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 452 attached [pid 452] set_robust_list(0x7fe81c3e09e0, 24) = 0 [pid 452] memfd_create("syzkaller", 0) = 3 [pid 452] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fe813fc0000 [pid 452] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 452] munmap(0x7fe813fc0000, 1048576) = 0 [pid 452] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 452] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 452] close(3) = 0 [pid 452] mkdir("./file0", 0777) = 0 [pid 452] mount("/dev/loop0", "./file0", "ext4", MS_DIRSYNC|MS_NOATIME|MS_LAZYTIME, ",errors=continue") = 0 [pid 452] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 452] chdir("./file0") = 0 [pid 452] ioctl(4, LOOP_CLR_FD) = 0 [pid 452] close(4) = 0 [pid 452] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... futex resumed>) = 1 [pid 452] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_NOFOLLOW|O_NOATIME|O_CLOEXEC|0x29000030, 000) = 4 [pid 452] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] write(4, "\x00\x00\x00\x00\x00\x00\x00\x00\x00", 9 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... write resumed>) = 9 [pid 452] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000 [pid 452] open("./bus", O_RDWR [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] <... open resumed>) = 5 [pid 452] futex(0x7fe81c4b97ac, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 451] <... futex resumed>) = 0 [pid 451] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fe81c4b97ac, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 452] mmap(0x20000000, 6291456, PROT_WRITE|PROT_EXEC|PROT_SEM|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 451] futex(0x7fe81c4b97a8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] futex(0x7fe81c4b97bc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 451] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7fe81409f000 [pid 451] mprotect(0x7fe8140a0000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 451] clone(child_stack=0x7fe8140bf3f0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tid=[455], tls=0x7fe8140bf700, child_tidptr=0x7fe8140bf9d0) = 455 [pid 451] futex(0x7fe81c4b97b8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 455 attached [pid 451] futex(0x7fe81c4b97bc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 455] set_robust_list(0x7fe8140bf9e0, 24) = 0 [ 19.859503][ T452] loop0: detected capacity change from 0 to 2048 [ 19.876404][ T452] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [pid 452] write(4, 0x20000f80, 9 [pid 455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000204} --- [pid 451] <... futex resumed>) = ? [ 19.903004][ T455] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1148: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 19.918004][ T452] ------------[ cut here ]------------ [ 19.923539][ T452] kernel BUG at fs/ext4/ext4_jbd2.c:53! [ 19.929178][ T452] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 19.935048][ T452] CPU: 0 PID: 452 Comm: syz-executor270 Not tainted 5.15.74-syzkaller-00001-g4ec71a9ec769 #0 [ 19.945029][ T452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/26/2022 [ 19.954929][ T452] RIP: 0010:__ext4_journal_stop+0x1b3/0x1c0 [ 19.960650][ T452] Code: c3 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c f8 fe ff ff e8 a1 3f cc ff 48 ba 00 00 00 00 00 fc ff df e9 e4 fe ff ff e8 fd f2 89 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56 41 [ 19.980097][ T452] RSP: 0018:ffffc900009f76b8 EFLAGS: 00010293 [ 19.986000][ T452] RAX: ffffffff81e79e93 RBX: ffffffff8603902d RCX: ffff88810c3da780 [ 19.993808][ T452] RDX: 0000000000000000 RSI: 0000000000000331 RDI: ffffffff8603902d [ 20.001616][ T452] RBP: ffffc900009f76f0 R08: ffffffff81ed2e18 R09: ffffed1023b9f661 [ 20.009428][ T452] R10: ffffed1023b9f661 R11: 1ffff11023b9f660 R12: ffff888109976ad8 [ 20.017246][ T452] R13: 0000000000000000 R14: 0000000000000012 R15: 0000000000000331 [ 20.025053][ T452] FS: 00007fe81c3e0700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.033816][ T452] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.040242][ T452] CR2: 00007fe8140bf718 CR3: 000000010c0b4000 CR4: 00000000003506b0 [ 20.048058][ T452] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.055862][ T452] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.063674][ T452] Call Trace: [ 20.066797][ T452] [ 20.069579][ T452] ext4_write_inline_data_end+0xa50/0xe10 [ 20.075132][ T452] ? ext4_set_page_dirty+0x1a0/0x1a0 [ 20.080264][ T452] ? put_page+0xa0/0xa0 [ 20.084245][ T452] ? pipe_zero+0x4d0/0x4d0 [ 20.088498][ T452] ext4_da_write_end+0x3d7/0xa70 [ 20.093275][ T452] ? ext4_da_write_begin+0xbf0/0xbf0 [ 20.098394][ T452] generic_perform_write+0x3c7/0x5d0 [ 20.103511][ T452] ? grab_cache_page_write_begin+0xa0/0xa0 [ 20.109174][ T452] ? down_write+0xdd/0x140 [ 20.113406][ T452] ? down_read_killable+0x250/0x250 [ 20.118443][ T452] ? generic_write_checks+0x3d8/0x490 [ 20.123646][ T452] ext4_buffered_write_iter+0x49b/0x630 [ 20.129027][ T452] ext4_file_write_iter+0x456/0x1dc0 [ 20.134146][ T452] ? __kasan_check_read+0x11/0x20 [ 20.139007][ T452] ? compat_start_thread+0x20/0x20 [ 20.143963][ T452] ? avc_policy_seqno+0x1b/0x70 [ 20.148641][ T452] ? selinux_file_permission+0x2ae/0x520 [ 20.154112][ T452] ? ext4_file_read_iter+0x4b0/0x4b0 [ 20.159229][ T452] ? iov_iter_init+0x53/0x180 [ 20.163743][ T452] vfs_write+0xc8d/0x1050 [ 20.167998][ T452] ? __kasan_check_write+0x14/0x20 [ 20.172943][ T452] ? file_end_write+0x1b0/0x1b0 [ 20.177628][ T452] ? mutex_lock+0xb6/0x130 [ 20.181884][ T452] ? wait_for_completion_killable_timeout+0x10/0x10 [ 20.188307][ T452] ? __fdget_pos+0x26d/0x310 [ 20.192821][ T452] ? ksys_write+0x77/0x2c0 [ 20.197073][ T452] ksys_write+0x198/0x2c0 [ 20.201246][ T452] ? do_notify_parent+0xa60/0xa60 [ 20.206200][ T452] ? __ia32_sys_read+0x90/0x90 [ 20.210801][ T452] ? fput+0x1a/0x20 [ 20.214444][ T452] ? ksys_mmap_pgoff+0x168/0x1e0 [ 20.219219][ T452] __x64_sys_write+0x7b/0x90 [ 20.223643][ T452] do_syscall_64+0x44/0xd0 [ 20.227895][ T452] entry_SYSCALL_64_after_hwframe+0x61/0xcb [ 20.233625][ T452] RIP: 0033:0x7fe81c434579 [ 20.237881][ T452] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 71 15 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 20.257324][ T452] RSP: 002b:00007fe81c3e02f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 20.265567][ T452] RAX: ffffffffffffffda RBX: 00007fe81c4b97a0 RCX: 00007fe81c434579 [ 20.273377][ T452] RDX: 0000000000000009 RSI: 0000000020000f80 RDI: 0000000000000004 [ 20.281186][ T452] RBP: 00007fe81c486828 R08: 0000000000000000 R09: 0000000000000000 [ 20.288994][ T452] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe81c4860c0 [ 20.296811][ T452] R13: 0000000020000800 R14: 0030656c69662f2e R15: 00007fe81c4b97a8 [ 20.304621][ T452] [ 20.307485][ T452] Modules linked in: [ 20.311381][ T452] ---[ end trace a17cf528fe92cc36 ]--- [ 20.316687][ T452] RIP: 0010:__ext4_journal_stop+0x1b3/0x1c0 [ 20.322364][ T452] Code: c3 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c f8 fe ff ff e8 a1 3f cc ff 48 ba 00 00 00 00 00 fc ff df e9 e4 fe ff ff e8 fd f2 89 ff <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 55 48 89 e5 41 57 41 56 41 [ 20.342016][ T452] RSP: 0018:ffffc900009f76b8 EFLAGS: 00010293 [ 20.347977][ T452] RAX: ffffffff81e79e93 RBX: ffffffff8603902d RCX: ffff88810c3da780 [ 20.355773][ T452] RDX: 0000000000000000 RSI: 0000000000000331 RDI: ffffffff8603902d [ 20.363612][ T452] RBP: ffffc900009f76f0 R08: ffffffff81ed2e18 R09: ffffed1023b9f661 [ 20.371467][ T452] R10: ffffed1023b9f661 R11: 1ffff11023b9f660 R12: ffff888109976ad8 [ 20.379344][ T452] R13: 0000000000000000 R14: 0000000000000012 R15: 0000000000000331 [ 20.387195][ T452] FS: 00007fe81c3e0700(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 20.395999][ T452] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 20.402488][ T452] CR2: 00007fe8140bf718 CR3: 000000010c0b4000 CR4: 00000000003506b0 [ 20.410462][ T452] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 20.418293][ T452] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 20.426191][ T452] Kernel panic - not syncing: Fatal exception [ 20.432097][ T452] Kernel Offset: disabled [ 20.436214][ T452] Rebooting in 86400 seconds..