./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor183034032 <...> Warning: Permanently added '10.128.0.235' (ED25519) to the list of known hosts. execve("./syz-executor183034032", ["./syz-executor183034032"], 0x7ffe425f7830 /* 10 vars */) = 0 brk(NULL) = 0x555556218000 brk(0x555556218d40) = 0x555556218d40 arch_prctl(ARCH_SET_FS, 0x5555562183c0) = 0 set_tid_address(0x555556218690) = 5041 set_robust_list(0x5555562186a0, 24) = 0 rseq(0x555556218ce0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor183034032", 4096) = 27 getrandom("\x34\xaa\x99\xed\xec\x63\x66\x71", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555556218d40 brk(0x555556239d40) = 0x555556239d40 brk(0x55555623a000) = 0x55555623a000 mprotect(0x7f3dc913c000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 mkdir("./syzkaller.rrd4aj", 0700) = 0 chmod("./syzkaller.rrd4aj", 0777) = 0 chdir("./syzkaller.rrd4aj") = 0 mkdir("./0", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5042 attached , child_tidptr=0x555556218690) = 5042 [pid 5042] set_robust_list(0x5555562186a0, 24) = 0 [pid 5042] chdir("./0") = 0 [pid 5042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5042] setpgid(0, 0) = 0 [pid 5042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5042] write(3, "1000", 4) = 4 [pid 5042] close(3) = 0 [pid 5042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5042] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5042] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5043]}, 88) = 5043 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5043 attached [pid 5042] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5043] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5043] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5043] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5043] memfd_create("syzkaller", 0) = 3 [pid 5043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5043] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5043] close(3) = 0 [pid 5043] mkdir("./file0", 0777) = 0 [pid 5043] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5043] chdir("./file0") = 0 [pid 5043] ioctl(4, LOOP_CLR_FD) = 0 [pid 5043] close(4) = 0 [pid 5043] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5043] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] <... futex resumed>) = 0 [pid 5042] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... futex resumed>) = 0 [pid 5043] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5043] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5043] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] <... futex resumed>) = 0 [pid 5043] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5042] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5043] <... open resumed>) = 5 [pid 5043] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5042] <... futex resumed>) = 0 [pid 5043] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5043] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5042] <... futex resumed>) = 0 [pid 5043] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5042] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5042] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5043] <... mmap resumed>) = 0x20000000 [pid 5043] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5042] <... mprotect resumed>) = 0 [pid 5043] <... futex resumed>) = 0 [pid 5043] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5045]}, 88) = 5045 [pid 5042] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5042] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5042] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5045 attached [pid 5045] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5045] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5045] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5043] <... futex resumed>) = ? [pid 5045] +++ killed by SIGBUS +++ [pid 5043] +++ killed by SIGBUS +++ [pid 5042] <... futex resumed>) = ? [pid 5042] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5042, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./0/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./0/binderfs") = 0 [ 71.755849][ T5043] syz-executor183[5043]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 71.785916][ T5043] loop0: detected capacity change from 0 to 2048 [ 71.797159][ T5043] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./0/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./0/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./0") = 0 mkdir("./1", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5046 attached , child_tidptr=0x555556218690) = 5046 [pid 5046] set_robust_list(0x5555562186a0, 24) = 0 [pid 5046] chdir("./1") = 0 [pid 5046] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5046] setpgid(0, 0) = 0 [pid 5046] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5046] write(3, "1000", 4) = 4 [pid 5046] close(3) = 0 [pid 5046] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5046] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5046] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5046] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5047 attached => {parent_tid=[5047]}, 88) = 5047 [pid 5047] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5047] set_robust_list(0x7f3dc90769a0, 24 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], [pid 5047] <... set_robust_list resumed>) = 0 [pid 5046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5047] rt_sigprocmask(SIG_SETMASK, [], [pid 5046] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5046] <... futex resumed>) = 0 [pid 5047] memfd_create("syzkaller", 0 [pid 5046] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5047] <... memfd_create resumed>) = 3 [pid 5047] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5047] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5047] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5047] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5047] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5047] close(3) = 0 [pid 5047] mkdir("./file0", 0777) = 0 [ 71.854989][ T5047] syz-executor183[5047]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 71.885761][ T5047] loop0: detected capacity change from 0 to 2048 [pid 5047] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5047] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5047] chdir("./file0") = 0 [pid 5047] ioctl(4, LOOP_CLR_FD) = 0 [pid 5047] close(4) = 0 [pid 5047] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5046] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5047] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5046] <... futex resumed>) = 0 [pid 5047] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5047] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5046] <... futex resumed>) = 0 [pid 5047] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5046] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5047] <... open resumed>) = 5 [pid 5047] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5046] <... futex resumed>) = 0 [pid 5046] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] <... futex resumed>) = 1 [pid 5046] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5047] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5046] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5047] <... mmap resumed>) = 0x20000000 [pid 5046] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5046] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5046] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5047] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5047] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5046] <... clone3 resumed> => {parent_tid=[5048]}, 88) = 5048 [pid 5046] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5048 attached [pid 5048] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5046] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5046] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5048] <... rseq resumed>) = 0 [pid 5048] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5048] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5047] <... futex resumed>) = ? [pid 5048] +++ killed by SIGBUS +++ [pid 5047] +++ killed by SIGBUS +++ [pid 5046] <... futex resumed>) = ? [pid 5046] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5046, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./1", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./1/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./1/binderfs") = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./1/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./1/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./1") = 0 mkdir("./2", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5049 attached , child_tidptr=0x555556218690) = 5049 [pid 5049] set_robust_list(0x5555562186a0, 24) = 0 [ 71.898848][ T5047] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5049] chdir("./2") = 0 [pid 5049] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5049] setpgid(0, 0) = 0 [pid 5049] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5049] write(3, "1000", 4) = 4 [pid 5049] close(3) = 0 [pid 5049] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5049] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5049] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5049] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5050 attached => {parent_tid=[5050]}, 88) = 5050 [pid 5049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5049] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5050] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5050] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5050] memfd_create("syzkaller", 0) = 3 [pid 5050] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5050] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5050] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5050] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5050] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5050] close(3) = 0 [pid 5050] mkdir("./file0", 0777) = 0 [ 71.958610][ T5050] syz-executor183[5050]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 71.988785][ T5050] loop0: detected capacity change from 0 to 2048 [pid 5050] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5050] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5050] chdir("./file0") = 0 [pid 5050] ioctl(4, LOOP_CLR_FD) = 0 [pid 5050] close(4) = 0 [pid 5050] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5050] <... futex resumed>) = 0 [pid 5049] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5050] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5049] <... futex resumed>) = 0 [pid 5050] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5049] <... futex resumed>) = 0 [pid 5050] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5049] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5050] <... open resumed>) = 5 [pid 5050] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5049] <... futex resumed>) = 0 [pid 5050] <... futex resumed>) = 1 [pid 5049] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5050] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5049] <... futex resumed>) = 0 [pid 5049] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5049] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5050] <... mmap resumed>) = 0x20000000 [pid 5049] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5049] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5049] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5049] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5050] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5051 attached [pid 5050] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5051] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5051] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5051] rt_sigprocmask(SIG_SETMASK, [], [pid 5049] <... clone3 resumed> => {parent_tid=[5051]}, 88) = 5051 [pid 5051] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5051] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5049] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5051] <... futex resumed>) = 0 [pid 5049] <... futex resumed>) = 1 [pid 5049] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5051] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5050] <... futex resumed>) = ? [pid 5049] <... futex resumed>) = ? [pid 5050] +++ killed by SIGBUS +++ [pid 5051] +++ killed by SIGBUS +++ [pid 5049] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5049, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./2", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./2/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./2/binderfs") = 0 [ 72.002393][ T5050] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./2/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./2/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./2") = 0 mkdir("./3", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5052 attached , child_tidptr=0x555556218690) = 5052 [pid 5052] set_robust_list(0x5555562186a0, 24) = 0 [pid 5052] chdir("./3") = 0 [pid 5052] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5052] setpgid(0, 0) = 0 [pid 5052] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5052] write(3, "1000", 4) = 4 [pid 5052] close(3) = 0 [pid 5052] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5052] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5052] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5052] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5053 attached [pid 5053] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5053] set_robust_list(0x7f3dc90769a0, 24 [pid 5052] <... clone3 resumed> => {parent_tid=[5053]}, 88) = 5053 [pid 5053] <... set_robust_list resumed>) = 0 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], [pid 5053] rt_sigprocmask(SIG_SETMASK, [], [pid 5052] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5053] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5052] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] memfd_create("syzkaller", 0 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5053] <... memfd_create resumed>) = 3 [pid 5053] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5053] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5053] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5053] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5053] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5053] close(3) = 0 [pid 5053] mkdir("./file0", 0777) = 0 [pid 5053] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5053] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5053] chdir("./file0") = 0 [pid 5053] ioctl(4, LOOP_CLR_FD) = 0 [pid 5053] close(4) = 0 [pid 5053] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5053] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5052] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] <... open resumed>) = 4 [pid 5053] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5053] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 0 [pid 5052] <... futex resumed>) = 1 [pid 5052] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5053] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5053] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] <... futex resumed>) = 0 [pid 5052] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5053] <... futex resumed>) = 1 [pid 5052] <... futex resumed>) = 0 [pid 5053] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5052] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5053] <... mmap resumed>) = 0x20000000 [pid 5052] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5053] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5052] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5053] <... futex resumed>) = 0 [pid 5053] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5052] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5052] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5054]}, 88) = 5054 [pid 5052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5052] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5052] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5054 attached [pid 5054] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5054] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5054] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5053] <... futex resumed>) = ? [pid 5053] +++ killed by SIGBUS +++ [pid 5052] <... futex resumed>) = ? [pid 5054] +++ killed by SIGBUS +++ [pid 5052] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5052, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./3", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.076585][ T5053] syz-executor183[5053]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.105880][ T5053] loop0: detected capacity change from 0 to 2048 [ 72.116839][ T5053] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./3/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./3/binderfs") = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./3/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./3/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./3") = 0 mkdir("./4", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5055 ./strace-static-x86_64: Process 5055 attached [pid 5055] set_robust_list(0x5555562186a0, 24) = 0 [pid 5055] chdir("./4") = 0 [pid 5055] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5055] setpgid(0, 0) = 0 [pid 5055] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5055] write(3, "1000", 4) = 4 [pid 5055] close(3) = 0 [pid 5055] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5055] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5055] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5055] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5056 attached [pid 5056] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5056] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5055] <... clone3 resumed> => {parent_tid=[5056]}, 88) = 5056 [pid 5056] rt_sigprocmask(SIG_SETMASK, [], [pid 5055] rt_sigprocmask(SIG_SETMASK, [], [pid 5056] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5055] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5055] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5056] memfd_create("syzkaller", 0) = 3 [pid 5056] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5056] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5056] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5056] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5056] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5056] close(3) = 0 [pid 5056] mkdir("./file0", 0777) = 0 [pid 5056] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5056] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5056] chdir("./file0") = 0 [pid 5056] ioctl(4, LOOP_CLR_FD) = 0 [pid 5056] close(4) = 0 [pid 5056] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = 0 [pid 5055] <... futex resumed>) = 1 [pid 5056] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5055] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... open resumed>) = 4 [pid 5056] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5055] <... futex resumed>) = 0 [pid 5056] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5055] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5056] <... open resumed>) = 5 [ 72.216168][ T5056] syz-executor183[5056]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.238594][ T5056] loop0: detected capacity change from 0 to 2048 [ 72.250118][ T5056] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5056] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] <... futex resumed>) = 0 [pid 5056] <... futex resumed>) = 1 [pid 5055] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5055] <... futex resumed>) = 0 [pid 5055] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5056] <... mmap resumed>) = 0x20000000 [pid 5055] <... futex resumed>) = 0 [pid 5056] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5055] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5056] <... futex resumed>) = 0 [pid 5055] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5056] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5055] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5055] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5055] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5057 attached [pid 5057] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5055] <... clone3 resumed> => {parent_tid=[5057]}, 88) = 5057 [pid 5055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5055] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5057] <... rseq resumed>) = 0 [pid 5057] set_robust_list(0x7f3dc0d559a0, 24 [pid 5055] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5057] <... set_robust_list resumed>) = 0 [pid 5057] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5057] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5055] <... futex resumed>) = ? [pid 5057] +++ killed by SIGBUS +++ [pid 5056] <... futex resumed>) = ? [pid 5056] +++ killed by SIGBUS +++ [pid 5055] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5055, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./4", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./4/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./4/binderfs") = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./4/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./4/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./4") = 0 mkdir("./5", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5058 ./strace-static-x86_64: Process 5058 attached [pid 5058] set_robust_list(0x5555562186a0, 24) = 0 [pid 5058] chdir("./5") = 0 [pid 5058] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5058] setpgid(0, 0) = 0 [pid 5058] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5058] write(3, "1000", 4) = 4 [pid 5058] close(3) = 0 [pid 5058] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5058] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5058] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5058] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5059 attached => {parent_tid=[5059]}, 88) = 5059 [pid 5059] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5059] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5059] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5059] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5058] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5059] memfd_create("syzkaller", 0) = 3 [pid 5059] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5059] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5059] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5059] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5059] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5059] close(3) = 0 [pid 5059] mkdir("./file0", 0777) = 0 [pid 5059] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5059] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5059] chdir("./file0") = 0 [pid 5059] ioctl(4, LOOP_CLR_FD) = 0 [pid 5059] close(4) = 0 [pid 5059] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5059] <... futex resumed>) = 0 [pid 5059] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5058] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... open resumed>) = 4 [pid 5059] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5059] <... futex resumed>) = 1 [pid 5059] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5059] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5058] <... futex resumed>) = 0 [pid 5058] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5059] <... futex resumed>) = 1 [pid 5058] <... futex resumed>) = 0 [pid 5058] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5059] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5058] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5059] <... mmap resumed>) = 0x20000000 [pid 5058] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5058] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5058] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5059] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5059] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5058] <... clone3 resumed> => {parent_tid=[5060]}, 88) = 5060 [pid 5058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5058] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5058] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5060 attached [pid 5060] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5060] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5060] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5058] <... futex resumed>) = ? [pid 5059] <... futex resumed>) = ? [pid 5059] +++ killed by SIGBUS +++ [pid 5060] +++ killed by SIGBUS +++ [pid 5058] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5058, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./5", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 72.374399][ T5059] syz-executor183[5059]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.398057][ T5059] loop0: detected capacity change from 0 to 2048 [ 72.408810][ T5059] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./5/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./5/binderfs") = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./5/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./5/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./5") = 0 mkdir("./6", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5061 ./strace-static-x86_64: Process 5061 attached [pid 5061] set_robust_list(0x5555562186a0, 24) = 0 [pid 5061] chdir("./6") = 0 [pid 5061] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5061] setpgid(0, 0) = 0 [pid 5061] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5061] write(3, "1000", 4) = 4 [pid 5061] close(3) = 0 [pid 5061] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5061] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5061] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5061] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5061] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5061] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5061] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5062 attached => {parent_tid=[5062]}, 88) = 5062 [pid 5061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5061] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5061] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5062] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5062] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5062] memfd_create("syzkaller", 0) = 3 [pid 5062] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5062] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5062] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5062] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5062] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5062] close(3) = 0 [pid 5062] mkdir("./file0", 0777) = 0 [pid 5062] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5062] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5062] chdir("./file0") = 0 [pid 5062] ioctl(4, LOOP_CLR_FD) = 0 [pid 5062] close(4) = 0 [pid 5062] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5061] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5062] <... futex resumed>) = 0 [pid 5062] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5062] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5062] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 0 [pid 5061] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5062] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5062] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5062] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5061] <... futex resumed>) = 1 [pid 5061] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5061] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = 1 [pid 5062] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5061] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5062] <... futex resumed>) = 0 [pid 5061] <... futex resumed>) = 0 [pid 5062] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5062] +++ killed by SIGBUS +++ [pid 5061] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5061, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./6", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./6/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./6/binderfs") = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./6/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./6/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./6") = 0 mkdir("./7", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5063 ./strace-static-x86_64: Process 5063 attached [pid 5063] set_robust_list(0x5555562186a0, 24) = 0 [ 72.500176][ T5062] syz-executor183[5062]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.524316][ T5062] loop0: detected capacity change from 0 to 2048 [ 72.536354][ T5062] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5063] chdir("./7") = 0 [pid 5063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5063] setpgid(0, 0) = 0 [pid 5063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5063] write(3, "1000", 4) = 4 [pid 5063] close(3) = 0 [pid 5063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5063] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5063] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5064 attached => {parent_tid=[5064]}, 88) = 5064 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5064] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5064] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5064] memfd_create("syzkaller", 0) = 3 [pid 5064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5064] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5064] close(3) = 0 [pid 5064] mkdir("./file0", 0777) = 0 [pid 5064] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5064] chdir("./file0") = 0 [pid 5064] ioctl(4, LOOP_CLR_FD) = 0 [pid 5064] close(4) = 0 [pid 5064] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5063] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5063] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... open resumed>) = 4 [pid 5064] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5064] <... futex resumed>) = 0 [pid 5064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5064] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5063] <... futex resumed>) = 0 [pid 5064] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5063] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] <... mmap resumed>) = 0x20000000 [pid 5063] <... futex resumed>) = 0 [pid 5063] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5064] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5064] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5063] <... futex resumed>) = 0 [pid 5063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5063] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5065 attached => {parent_tid=[5065]}, 88) = 5065 [pid 5065] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5063] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5065] set_robust_list(0x7f3dc0d559a0, 24 [pid 5063] <... futex resumed>) = 0 [pid 5065] <... set_robust_list resumed>) = 0 [pid 5063] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5065] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5064] <... futex resumed>) = ? [pid 5063] <... futex resumed>) = ? [pid 5064] +++ killed by SIGBUS +++ [pid 5065] +++ killed by SIGBUS +++ [pid 5063] +++ killed by SIGBUS +++ [ 72.606359][ T5064] syz-executor183[5064]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.635939][ T5064] loop0: detected capacity change from 0 to 2048 [ 72.647654][ T5064] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5063, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./7", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./7/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./7/binderfs") = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./7/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./7/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./7") = 0 mkdir("./8", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5066 attached , child_tidptr=0x555556218690) = 5066 [pid 5066] set_robust_list(0x5555562186a0, 24) = 0 [pid 5066] chdir("./8") = 0 [pid 5066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5066] setpgid(0, 0) = 0 [pid 5066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5066] write(3, "1000", 4) = 4 [pid 5066] close(3) = 0 [pid 5066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5066] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5066] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5067 attached => {parent_tid=[5067]}, 88) = 5067 [pid 5067] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], [pid 5067] set_robust_list(0x7f3dc90769a0, 24 [pid 5066] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] <... set_robust_list resumed>) = 0 [pid 5066] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] rt_sigprocmask(SIG_SETMASK, [], [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5067] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5067] memfd_create("syzkaller", 0) = 3 [pid 5067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5067] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5067] close(3) = 0 [pid 5067] mkdir("./file0", 0777) = 0 [pid 5067] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5067] chdir("./file0") = 0 [pid 5067] ioctl(4, LOOP_CLR_FD) = 0 [pid 5067] close(4) = 0 [pid 5067] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 0 [pid 5067] <... futex resumed>) = 1 [pid 5066] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] <... open resumed>) = 4 [pid 5067] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5067] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = 0 [pid 5066] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5067] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5067] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... futex resumed>) = 1 [pid 5067] <... futex resumed>) = 0 [pid 5066] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5067] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5066] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... futex resumed>) = 0 [pid 5066] <... futex resumed>) = 1 [pid 5067] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5066] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5067] <... mmap resumed>) = 0x20000000 [pid 5066] <... futex resumed>) = 0 [pid 5066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5066] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5066] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5067] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5066] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5067] <... futex resumed>) = 0 [pid 5066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5067] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5066] <... clone3 resumed> => {parent_tid=[5068]}, 88) = 5068 [pid 5066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5066] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5066] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5068 attached [pid 5068] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5068] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5068] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5066] <... futex resumed>) = ? [pid 5067] <... futex resumed>) = ? [pid 5067] +++ killed by SIGBUS +++ [pid 5068] +++ killed by SIGBUS +++ [pid 5066] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5066, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./8", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./8/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./8/binderfs") = 0 [ 72.718500][ T5067] syz-executor183[5067]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.742533][ T5067] loop0: detected capacity change from 0 to 2048 [ 72.755092][ T5067] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./8/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./8/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./8") = 0 mkdir("./9", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5069 attached , child_tidptr=0x555556218690) = 5069 [pid 5069] set_robust_list(0x5555562186a0, 24) = 0 [pid 5069] chdir("./9") = 0 [pid 5069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5069] setpgid(0, 0) = 0 [pid 5069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5069] write(3, "1000", 4) = 4 [pid 5069] close(3) = 0 [pid 5069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5069] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5069] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5070]}, 88) = 5070 ./strace-static-x86_64: Process 5070 attached [pid 5069] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5069] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5069] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5070] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5070] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5070] memfd_create("syzkaller", 0) = 3 [pid 5070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5070] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5070] close(3) = 0 [pid 5070] mkdir("./file0", 0777) = 0 [pid 5070] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5070] chdir("./file0") = 0 [pid 5070] ioctl(4, LOOP_CLR_FD) = 0 [pid 5070] close(4) = 0 [pid 5070] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5069] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] <... futex resumed>) = 0 [pid 5069] <... futex resumed>) = 1 [pid 5070] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5069] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] <... open resumed>) = 4 [pid 5070] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5069] <... futex resumed>) = 0 [pid 5070] <... open resumed>) = 5 [pid 5069] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5070] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5070] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5069] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5069] <... futex resumed>) = 0 [pid 5070] <... mmap resumed>) = 0x20000000 [pid 5069] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5070] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5069] <... futex resumed>) = 0 [pid 5070] <... futex resumed>) = 0 [pid 5069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5070] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5069] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5069] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5071 attached => {parent_tid=[5071]}, 88) = 5071 [pid 5071] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5069] rt_sigprocmask(SIG_SETMASK, [], [pid 5071] <... rseq resumed>) = 0 [pid 5069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] set_robust_list(0x7f3dc0d559a0, 24 [pid 5069] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5071] <... set_robust_list resumed>) = 0 [pid 5069] <... futex resumed>) = 0 [pid 5071] rt_sigprocmask(SIG_SETMASK, [], [pid 5069] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5071] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5070] <... futex resumed>) = ? [pid 5069] <... futex resumed>) = ? [pid 5070] +++ killed by SIGBUS +++ [pid 5071] +++ killed by SIGBUS +++ [pid 5069] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5069, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./9", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./9/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./9/binderfs") = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 72.837787][ T5070] syz-executor183[5070]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 72.860634][ T5070] loop0: detected capacity change from 0 to 2048 [ 72.874288][ T5070] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./9/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./9/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./9") = 0 mkdir("./10", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5072 ./strace-static-x86_64: Process 5072 attached [pid 5072] set_robust_list(0x5555562186a0, 24) = 0 [pid 5072] chdir("./10") = 0 [pid 5072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5072] setpgid(0, 0) = 0 [pid 5072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5072] write(3, "1000", 4) = 4 [pid 5072] close(3) = 0 [pid 5072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5072] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5072] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5073]}, 88) = 5073 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5072] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5072] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5073 attached [pid 5073] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5073] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5073] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5073] memfd_create("syzkaller", 0) = 3 [pid 5073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5073] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5073] close(3) = 0 [pid 5073] mkdir("./file0", 0777) = 0 [pid 5073] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5073] chdir("./file0") = 0 [pid 5073] ioctl(4, LOOP_CLR_FD) = 0 [pid 5073] close(4) = 0 [pid 5073] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5073] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5073] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... open resumed>) = 4 [pid 5073] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5073] <... open resumed>) = 5 [pid 5073] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... futex resumed>) = 0 [pid 5072] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5073] <... futex resumed>) = 0 [pid 5072] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5073] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5072] <... futex resumed>) = 0 [pid 5072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5073] <... mmap resumed>) = 0x20000000 [pid 5073] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5073] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5072] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5072] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5074 attached [pid 5074] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5072] <... clone3 resumed> => {parent_tid=[5074]}, 88) = 5074 [pid 5074] <... rseq resumed>) = 0 [pid 5072] rt_sigprocmask(SIG_SETMASK, [], [pid 5074] set_robust_list(0x7f3dc0d559a0, 24 [pid 5072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5074] <... set_robust_list resumed>) = 0 [pid 5072] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5074] rt_sigprocmask(SIG_SETMASK, [], [pid 5072] <... futex resumed>) = 0 [pid 5074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5072] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5074] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5073] <... futex resumed>) = ? [pid 5072] <... futex resumed>) = ? [pid 5074] +++ killed by SIGBUS +++ [pid 5073] +++ killed by SIGBUS +++ [pid 5072] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5072, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./10", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./10/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./10/binderfs") = 0 [ 72.974261][ T5073] loop0: detected capacity change from 0 to 2048 [ 72.985234][ T5073] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./10/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./10/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./10/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./10/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./10") = 0 mkdir("./11", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5075 ./strace-static-x86_64: Process 5075 attached [pid 5075] set_robust_list(0x5555562186a0, 24) = 0 [pid 5075] chdir("./11") = 0 [pid 5075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5075] setpgid(0, 0) = 0 [pid 5075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5075] write(3, "1000", 4) = 4 [pid 5075] close(3) = 0 [pid 5075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5075] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5075] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5075] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5076 attached [pid 5076] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5076] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5076] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5076] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] <... clone3 resumed> => {parent_tid=[5076]}, 88) = 5076 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5075] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5075] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5076] memfd_create("syzkaller", 0) = 3 [pid 5076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5076] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5076] close(3) = 0 [pid 5076] mkdir("./file0", 0777) = 0 [pid 5076] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5076] chdir("./file0") = 0 [pid 5076] ioctl(4, LOOP_CLR_FD) = 0 [pid 5076] close(4) = 0 [pid 5076] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5076] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] <... futex resumed>) = 0 [pid 5075] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5076] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5075] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... open resumed>) = 4 [pid 5076] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5075] <... futex resumed>) = 0 [pid 5076] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5076] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5075] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5076] <... open resumed>) = 5 [pid 5076] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5075] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5076] <... futex resumed>) = 0 [pid 5076] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5075] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5076] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5075] <... futex resumed>) = 0 [pid 5076] <... mmap resumed>) = 0x20000000 [pid 5075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5076] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5076] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5075] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5077 attached [pid 5077] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5075] <... clone3 resumed> => {parent_tid=[5077]}, 88) = 5077 [pid 5075] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5077] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5077] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5075] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5077] <... futex resumed>) = 0 [pid 5075] <... futex resumed>) = 1 [pid 5077] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5075] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5076] <... futex resumed>) = ? [pid 5076] +++ killed by SIGBUS +++ [pid 5077] +++ killed by SIGBUS +++ [pid 5075] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5075, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./11", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./11/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./11/binderfs") = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./11/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./11/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./11/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./11/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 73.094767][ T5076] loop0: detected capacity change from 0 to 2048 [ 73.106285][ T5076] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./11") = 0 mkdir("./12", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5078 attached [pid 5078] set_robust_list(0x5555562186a0, 24) = 0 [pid 5078] chdir("./12" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5078 [pid 5078] <... chdir resumed>) = 0 [pid 5078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5078] setpgid(0, 0) = 0 [pid 5078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5078] write(3, "1000", 4) = 4 [pid 5078] close(3) = 0 [pid 5078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5078] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5078] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5079 attached => {parent_tid=[5079]}, 88) = 5079 [pid 5079] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], [pid 5079] <... rseq resumed>) = 0 [pid 5078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] set_robust_list(0x7f3dc90769a0, 24 [pid 5078] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... set_robust_list resumed>) = 0 [pid 5078] <... futex resumed>) = 0 [pid 5079] rt_sigprocmask(SIG_SETMASK, [], [pid 5078] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5079] memfd_create("syzkaller", 0) = 3 [pid 5079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5079] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5079] close(3) = 0 [pid 5079] mkdir("./file0", 0777) = 0 [pid 5079] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5079] chdir("./file0") = 0 [pid 5079] ioctl(4, LOOP_CLR_FD) = 0 [pid 5079] close(4) = 0 [pid 5079] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5078] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 4 [pid 5079] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5078] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5079] <... open resumed>) = 5 [pid 5079] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5078] <... futex resumed>) = 0 [pid 5079] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5078] <... futex resumed>) = 0 [pid 5078] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5079] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5078] <... futex resumed>) = 0 [pid 5079] <... mmap resumed>) = 0x20000000 [pid 5078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5078] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5079] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5079] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5080]}, 88) = 5080 [pid 5078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5078] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5078] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5080 attached [pid 5080] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5080] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5080] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5078] <... futex resumed>) = ? [pid 5079] <... futex resumed>) = ? [pid 5080] +++ killed by SIGBUS +++ [pid 5079] +++ killed by SIGBUS +++ [pid 5078] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5078, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./12", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./12/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./12/binderfs") = 0 [ 73.207573][ T5079] loop0: detected capacity change from 0 to 2048 [ 73.218971][ T5079] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./12/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./12/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./12/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./12/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./12") = 0 mkdir("./13", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5081 ./strace-static-x86_64: Process 5081 attached [pid 5081] set_robust_list(0x5555562186a0, 24) = 0 [pid 5081] chdir("./13") = 0 [pid 5081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5081] setpgid(0, 0) = 0 [pid 5081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5081] write(3, "1000", 4) = 4 [pid 5081] close(3) = 0 [pid 5081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5081] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5081] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5082]}, 88) = 5082 ./strace-static-x86_64: Process 5082 attached [pid 5081] rt_sigprocmask(SIG_SETMASK, [], [pid 5082] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5082] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5081] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] rt_sigprocmask(SIG_SETMASK, [], [pid 5081] <... futex resumed>) = 0 [pid 5082] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5081] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5082] memfd_create("syzkaller", 0) = 3 [pid 5082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5082] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5082] close(3) = 0 [pid 5082] mkdir("./file0", 0777) = 0 [pid 5082] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5082] chdir("./file0") = 0 [pid 5082] ioctl(4, LOOP_CLR_FD) = 0 [pid 5082] close(4) = 0 [pid 5082] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5082] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 0 [pid 5082] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5081] <... futex resumed>) = 1 [pid 5081] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5082] <... futex resumed>) = 1 [pid 5082] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5082] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5081] <... futex resumed>) = 0 [pid 5081] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5082] <... futex resumed>) = 1 [pid 5081] <... futex resumed>) = 0 [pid 5081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5082] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5081] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5082] <... mmap resumed>) = 0x20000000 [pid 5081] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5083 attached [pid 5082] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5082] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5081] <... clone3 resumed> => {parent_tid=[5083]}, 88) = 5083 [pid 5081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5081] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5081] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5083] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5083] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5083] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5081] <... futex resumed>) = ? [pid 5082] <... futex resumed>) = ? [pid 5082] +++ killed by SIGBUS +++ [pid 5083] +++ killed by SIGBUS +++ [pid 5081] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5081, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./13", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./13/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./13/binderfs") = 0 [ 73.332341][ T5082] loop0: detected capacity change from 0 to 2048 [ 73.344363][ T5082] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./13/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./13/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./13/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./13/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./13") = 0 mkdir("./14", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5084 attached , child_tidptr=0x555556218690) = 5084 [pid 5084] set_robust_list(0x5555562186a0, 24) = 0 [pid 5084] chdir("./14") = 0 [pid 5084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5084] setpgid(0, 0) = 0 [pid 5084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5084] write(3, "1000", 4) = 4 [pid 5084] close(3) = 0 [pid 5084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5084] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5084] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5085]}, 88) = 5085 ./strace-static-x86_64: Process 5085 attached [pid 5084] rt_sigprocmask(SIG_SETMASK, [], [pid 5085] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] set_robust_list(0x7f3dc90769a0, 24 [pid 5084] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... set_robust_list resumed>) = 0 [pid 5084] <... futex resumed>) = 0 [pid 5085] rt_sigprocmask(SIG_SETMASK, [], [pid 5084] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5085] memfd_create("syzkaller", 0) = 3 [pid 5085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5085] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5085] close(3) = 0 [pid 5085] mkdir("./file0", 0777) = 0 [pid 5085] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5085] chdir("./file0") = 0 [pid 5085] ioctl(4, LOOP_CLR_FD) = 0 [pid 5085] close(4) = 0 [pid 5085] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5084] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] <... futex resumed>) = 0 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5085] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5085] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] <... futex resumed>) = 0 [pid 5084] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] <... futex resumed>) = 0 [pid 5084] <... futex resumed>) = 1 [pid 5085] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5084] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5085] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5085] <... futex resumed>) = 0 [pid 5084] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5085] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5084] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5085] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5084] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5085] <... futex resumed>) = 0 [pid 5085] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5084] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5086 attached => {parent_tid=[5086]}, 88) = 5086 [pid 5084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5084] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5084] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5086] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5086] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5086] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5084] <... futex resumed>) = ? [pid 5086] +++ killed by SIGBUS +++ [pid 5085] <... futex resumed>) = ? [pid 5085] +++ killed by SIGBUS +++ [pid 5084] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5084, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./14", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 73.458564][ T5085] loop0: detected capacity change from 0 to 2048 [ 73.470498][ T5085] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./14", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./14/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./14/binderfs") = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./14/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./14/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./14/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./14/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./14") = 0 mkdir("./15", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5087 attached , child_tidptr=0x555556218690) = 5087 [pid 5087] set_robust_list(0x5555562186a0, 24) = 0 [pid 5087] chdir("./15") = 0 [pid 5087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5087] setpgid(0, 0) = 0 [pid 5087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5087] write(3, "1000", 4) = 4 [pid 5087] close(3) = 0 [pid 5087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5087] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5087] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5088]}, 88) = 5088 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5087] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5088 attached [pid 5088] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5088] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5088] memfd_create("syzkaller", 0) = 3 [pid 5088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5088] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5088] close(3) = 0 [pid 5088] mkdir("./file0", 0777) = 0 [pid 5088] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5088] chdir("./file0") = 0 [pid 5088] ioctl(4, LOOP_CLR_FD) = 0 [pid 5088] close(4) = 0 [pid 5088] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5088] <... futex resumed>) = 0 [pid 5088] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5087] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] <... open resumed>) = 4 [pid 5088] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5088] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5088] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5087] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5088] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5088] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5089 attached [pid 5087] <... clone3 resumed> => {parent_tid=[5089]}, 88) = 5089 [pid 5087] rt_sigprocmask(SIG_SETMASK, [], [pid 5089] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5087] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5089] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5087] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5089] rt_sigprocmask(SIG_SETMASK, [], [pid 5087] <... futex resumed>) = 0 [pid 5087] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5089] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5088] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5088] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5089] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5088] <... futex resumed>) = ? [pid 5088] +++ killed by SIGBUS +++ [pid 5089] +++ killed by SIGBUS +++ [pid 5087] <... futex resumed>) = ? [pid 5087] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5087, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./15", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./15/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./15/binderfs") = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./15/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./15/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./15/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 73.592184][ T5088] loop0: detected capacity change from 0 to 2048 [ 73.604967][ T5088] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./15/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./15") = 0 mkdir("./16", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5090 ./strace-static-x86_64: Process 5090 attached [pid 5090] set_robust_list(0x5555562186a0, 24) = 0 [pid 5090] chdir("./16") = 0 [pid 5090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5090] setpgid(0, 0) = 0 [pid 5090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5090] write(3, "1000", 4) = 4 [pid 5090] close(3) = 0 [pid 5090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5090] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5090] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5091 attached [pid 5091] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5090] <... clone3 resumed> => {parent_tid=[5091]}, 88) = 5091 [pid 5091] <... rseq resumed>) = 0 [pid 5091] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5090] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5091] memfd_create("syzkaller", 0) = 3 [pid 5091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5091] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5091] close(3) = 0 [pid 5091] mkdir("./file0", 0777) = 0 [pid 5091] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5091] chdir("./file0") = 0 [pid 5091] ioctl(4, LOOP_CLR_FD) = 0 [pid 5091] close(4) = 0 [pid 5091] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5091] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = 0 [pid 5090] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5090] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... open resumed>) = 4 [pid 5091] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5090] <... futex resumed>) = 0 [pid 5091] <... open resumed>) = 5 [pid 5091] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5090] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... futex resumed>) = 0 [pid 5090] <... futex resumed>) = 1 [pid 5091] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5090] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5091] <... mmap resumed>) = 0x20000000 [pid 5090] <... futex resumed>) = 0 [pid 5091] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5091] <... futex resumed>) = 0 [pid 5091] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5090] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5090] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5092 attached => {parent_tid=[5092]}, 88) = 5092 [pid 5092] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5092] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5090] rt_sigprocmask(SIG_SETMASK, [], [pid 5092] rt_sigprocmask(SIG_SETMASK, [], [pid 5090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5092] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5090] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5090] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5091] <... futex resumed>) = ? [pid 5091] +++ killed by SIGBUS +++ [pid 5090] <... futex resumed>) = ? [pid 5092] +++ killed by SIGBUS +++ [pid 5090] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5090, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./16", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./16/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./16/binderfs") = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./16/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./16/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./16/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./16/file0") = 0 [ 73.703100][ T5091] loop0: detected capacity change from 0 to 2048 [ 73.715449][ T5091] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./16") = 0 mkdir("./17", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5093 attached , child_tidptr=0x555556218690) = 5093 [pid 5093] set_robust_list(0x5555562186a0, 24) = 0 [pid 5093] chdir("./17") = 0 [pid 5093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5093] setpgid(0, 0) = 0 [pid 5093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5093] write(3, "1000", 4) = 4 [pid 5093] close(3) = 0 [pid 5093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5093] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5093] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5094]}, 88) = 5094 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5094 attached [pid 5094] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5094] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5094] memfd_create("syzkaller", 0) = 3 [pid 5094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5094] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5094] close(3) = 0 [pid 5094] mkdir("./file0", 0777) = 0 [pid 5094] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5094] chdir("./file0") = 0 [pid 5094] ioctl(4, LOOP_CLR_FD) = 0 [pid 5094] close(4) = 0 [pid 5094] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5093] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5094] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5093] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... open resumed>) = 4 [pid 5094] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5094] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5093] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5094] <... open resumed>) = 5 [pid 5094] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5093] <... futex resumed>) = 0 [pid 5094] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5094] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5093] <... futex resumed>) = 0 [pid 5094] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5093] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5094] <... mmap resumed>) = 0x20000000 [pid 5094] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5094] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5093] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5095]}, 88) = 5095 [pid 5093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5093] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5093] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5095 attached [pid 5095] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5095] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5095] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5094] <... futex resumed>) = ? [pid 5093] <... futex resumed>) = ? [pid 5094] +++ killed by SIGBUS +++ [pid 5095] +++ killed by SIGBUS +++ [pid 5093] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5093, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./17", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./17/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./17/binderfs") = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./17/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 73.787065][ T5094] loop0: detected capacity change from 0 to 2048 [ 73.801224][ T5094] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./17/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./17/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./17/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./17") = 0 mkdir("./18", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5096 attached [pid 5096] set_robust_list(0x5555562186a0, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5096 [pid 5096] <... set_robust_list resumed>) = 0 [pid 5096] chdir("./18") = 0 [pid 5096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5096] setpgid(0, 0) = 0 [pid 5096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5096] write(3, "1000", 4) = 4 [pid 5096] close(3) = 0 [pid 5096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5096] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5096] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5097]}, 88) = 5097 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5097 attached [pid 5097] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5097] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5097] memfd_create("syzkaller", 0) = 3 [pid 5097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5097] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5097] close(3) = 0 [pid 5097] mkdir("./file0", 0777) = 0 [pid 5097] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5097] chdir("./file0") = 0 [pid 5097] ioctl(4, LOOP_CLR_FD) = 0 [pid 5097] close(4) = 0 [pid 5097] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5097] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5097] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... futex resumed>) = 0 [pid 5096] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5097] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5096] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5097] <... open resumed>) = 5 [pid 5097] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5096] <... futex resumed>) = 0 [pid 5097] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] <... futex resumed>) = 0 [pid 5096] <... futex resumed>) = 1 [pid 5096] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5097] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5096] <... futex resumed>) = 0 [pid 5096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5097] <... mmap resumed>) = 0x20000000 [pid 5097] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5096] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5097] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5096] <... mprotect resumed>) = 0 [pid 5096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5098 attached [pid 5098] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5096] <... clone3 resumed> => {parent_tid=[5098]}, 88) = 5098 [pid 5098] <... rseq resumed>) = 0 [pid 5096] rt_sigprocmask(SIG_SETMASK, [], [pid 5098] set_robust_list(0x7f3dc0d559a0, 24 [pid 5096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5098] <... set_robust_list resumed>) = 0 [pid 5096] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5096] <... futex resumed>) = 0 [pid 5098] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5096] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5097] <... futex resumed>) = ? [pid 5098] +++ killed by SIGBUS +++ [pid 5097] +++ killed by SIGBUS +++ [pid 5096] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5096, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./18", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./18/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./18/binderfs") = 0 [ 73.885911][ T5097] loop0: detected capacity change from 0 to 2048 [ 73.898620][ T5097] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./18/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./18/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./18/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./18/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./18") = 0 mkdir("./19", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5099 attached , child_tidptr=0x555556218690) = 5099 [pid 5099] set_robust_list(0x5555562186a0, 24) = 0 [pid 5099] chdir("./19") = 0 [pid 5099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5099] setpgid(0, 0) = 0 [pid 5099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5099] write(3, "1000", 4) = 4 [pid 5099] close(3) = 0 [pid 5099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5099] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5099] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5100 attached [pid 5100] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5099] <... clone3 resumed> => {parent_tid=[5100]}, 88) = 5100 [pid 5100] <... rseq resumed>) = 0 [pid 5100] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5100] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5100] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5099] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5099] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5100] memfd_create("syzkaller", 0) = 3 [pid 5100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5100] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5100] close(3) = 0 [pid 5100] mkdir("./file0", 0777) = 0 [pid 5100] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5100] chdir("./file0") = 0 [pid 5100] ioctl(4, LOOP_CLR_FD) = 0 [pid 5100] close(4) = 0 [pid 5100] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = 0 [pid 5099] <... futex resumed>) = 1 [pid 5100] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5099] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] <... open resumed>) = 4 [pid 5100] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5100] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5100] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5099] <... futex resumed>) = 0 [pid 5100] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5100] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5099] <... futex resumed>) = 0 [pid 5099] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5100] <... mmap resumed>) = 0x20000000 [pid 5099] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5100] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5099] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5100] <... futex resumed>) = 0 [pid 5100] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5099] <... mprotect resumed>) = 0 [pid 5099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5101]}, 88) = 5101 ./strace-static-x86_64: Process 5101 attached [pid 5099] rt_sigprocmask(SIG_SETMASK, [], [pid 5101] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5099] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5099] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5101] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5101] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5099] <... futex resumed>) = ? [pid 5100] <... futex resumed>) = ? [pid 5101] +++ killed by SIGBUS +++ [pid 5100] +++ killed by SIGBUS +++ [pid 5099] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5099, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./19", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./19/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./19/binderfs") = 0 [ 74.003649][ T5100] loop0: detected capacity change from 0 to 2048 [ 74.014972][ T5100] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./19/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./19/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./19/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./19/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./19") = 0 mkdir("./20", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5102 attached [pid 5102] set_robust_list(0x5555562186a0, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5102 [pid 5102] <... set_robust_list resumed>) = 0 [pid 5102] chdir("./20") = 0 [pid 5102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5102] setpgid(0, 0) = 0 [pid 5102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5102] write(3, "1000", 4) = 4 [pid 5102] close(3) = 0 [pid 5102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5102] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5102] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5103 attached => {parent_tid=[5103]}, 88) = 5103 [pid 5103] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5103] <... rseq resumed>) = 0 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] set_robust_list(0x7f3dc90769a0, 24 [pid 5102] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] <... set_robust_list resumed>) = 0 [pid 5102] <... futex resumed>) = 0 [pid 5103] rt_sigprocmask(SIG_SETMASK, [], [pid 5102] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5103] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5103] memfd_create("syzkaller", 0) = 3 [pid 5103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5103] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5103] close(3) = 0 [pid 5103] mkdir("./file0", 0777) = 0 [pid 5103] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5103] chdir("./file0") = 0 [pid 5103] ioctl(4, LOOP_CLR_FD) = 0 [pid 5103] close(4) = 0 [pid 5103] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 0 [pid 5103] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5103] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5103] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5103] <... futex resumed>) = 0 [pid 5103] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5103] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5102] <... futex resumed>) = 0 [pid 5102] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5102] <... futex resumed>) = 0 [pid 5103] <... mmap resumed>) = 0x20000000 [pid 5102] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5103] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5103] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5102] <... futex resumed>) = 0 [pid 5102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5102] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5104 attached [pid 5104] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5102] <... clone3 resumed> => {parent_tid=[5104]}, 88) = 5104 [pid 5104] <... rseq resumed>) = 0 [pid 5104] set_robust_list(0x7f3dc0d559a0, 24 [pid 5102] rt_sigprocmask(SIG_SETMASK, [], [pid 5104] <... set_robust_list resumed>) = 0 [pid 5102] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5102] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5102] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5104] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5103] <... futex resumed>) = ? [pid 5102] <... futex resumed>) = ? [pid 5103] +++ killed by SIGBUS +++ [pid 5104] +++ killed by SIGBUS +++ [pid 5102] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5102, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./20", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./20", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./20/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./20/binderfs") = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./20/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./20/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 74.117857][ T5103] loop0: detected capacity change from 0 to 2048 [ 74.130208][ T5103] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./20/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./20/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./20") = 0 mkdir("./21", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5105 ./strace-static-x86_64: Process 5105 attached [pid 5105] set_robust_list(0x5555562186a0, 24) = 0 [pid 5105] chdir("./21") = 0 [pid 5105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5105] setpgid(0, 0) = 0 [pid 5105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5105] write(3, "1000", 4) = 4 [pid 5105] close(3) = 0 [pid 5105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5105] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5105] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5106 attached => {parent_tid=[5106]}, 88) = 5106 [pid 5106] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5106] set_robust_list(0x7f3dc90769a0, 24 [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] <... set_robust_list resumed>) = 0 [pid 5105] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5106] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5106] memfd_create("syzkaller", 0) = 3 [pid 5106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5106] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5106] close(3) = 0 [pid 5106] mkdir("./file0", 0777) = 0 [pid 5106] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5106] chdir("./file0") = 0 [pid 5106] ioctl(4, LOOP_CLR_FD) = 0 [pid 5106] close(4) = 0 [pid 5106] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5106] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5106] <... futex resumed>) = 0 [pid 5105] <... futex resumed>) = 1 [pid 5106] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5105] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open resumed>) = 4 [pid 5106] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5105] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5106] <... open resumed>) = 5 [pid 5106] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5105] <... futex resumed>) = 0 [pid 5106] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5105] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5106] <... mmap resumed>) = 0x20000000 [pid 5105] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5106] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5106] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5105] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5107 attached [pid 5107] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5105] <... clone3 resumed> => {parent_tid=[5107]}, 88) = 5107 [pid 5107] <... rseq resumed>) = 0 [pid 5107] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5105] rt_sigprocmask(SIG_SETMASK, [], [pid 5107] rt_sigprocmask(SIG_SETMASK, [], [pid 5105] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5107] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5105] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5107] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5105] <... futex resumed>) = 0 [pid 5105] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5106] <... futex resumed>) = ? [pid 5107] +++ killed by SIGBUS +++ [pid 5106] +++ killed by SIGBUS +++ [pid 5105] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5105, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- umount2("./21", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./21/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./21/binderfs") = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./21/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./21/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./21/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 74.253544][ T5106] loop0: detected capacity change from 0 to 2048 [ 74.265186][ T5106] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./21/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./21") = 0 mkdir("./22", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5108 attached [pid 5108] set_robust_list(0x5555562186a0, 24) = 0 [pid 5108] chdir("./22") = 0 [pid 5108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5108] setpgid(0, 0) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5108 [pid 5108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5108] write(3, "1000", 4) = 4 [pid 5108] close(3) = 0 [pid 5108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5108] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5108] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5109 attached [pid 5109] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5108] <... clone3 resumed> => {parent_tid=[5109]}, 88) = 5109 [pid 5109] <... rseq resumed>) = 0 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5109] set_robust_list(0x7f3dc90769a0, 24 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5109] <... set_robust_list resumed>) = 0 [pid 5108] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] <... futex resumed>) = 0 [pid 5109] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5109] memfd_create("syzkaller", 0) = 3 [pid 5109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5109] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5109] close(3) = 0 [pid 5109] mkdir("./file0", 0777) = 0 [pid 5109] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5109] chdir("./file0") = 0 [pid 5109] ioctl(4, LOOP_CLR_FD) = 0 [pid 5109] close(4) = 0 [pid 5109] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5108] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... open resumed>) = 4 [pid 5109] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5109] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5108] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5108] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5109] <... open resumed>) = 5 [pid 5109] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5108] <... futex resumed>) = 0 [pid 5108] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5108] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5109] <... mmap resumed>) = 0x20000000 [pid 5108] <... futex resumed>) = 0 [pid 5108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5109] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5109] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5108] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5108] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5110 attached => {parent_tid=[5110]}, 88) = 5110 [pid 5110] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5108] rt_sigprocmask(SIG_SETMASK, [], [pid 5110] <... rseq resumed>) = 0 [pid 5108] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5110] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5108] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5110] rt_sigprocmask(SIG_SETMASK, [], [pid 5108] <... futex resumed>) = 0 [pid 5110] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5108] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5110] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5109] <... futex resumed>) = ? [pid 5108] <... futex resumed>) = ? [pid 5110] +++ killed by SIGBUS +++ [pid 5109] +++ killed by SIGBUS +++ [pid 5108] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5108, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./22", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./22/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./22/binderfs") = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./22/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 74.368286][ T5109] loop0: detected capacity change from 0 to 2048 [ 74.379547][ T5109] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./22/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./22/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./22/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./22") = 0 mkdir("./23", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5111 ./strace-static-x86_64: Process 5111 attached [pid 5111] set_robust_list(0x5555562186a0, 24) = 0 [pid 5111] chdir("./23") = 0 [pid 5111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5111] setpgid(0, 0) = 0 [pid 5111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5111] write(3, "1000", 4) = 4 [pid 5111] close(3) = 0 [pid 5111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5111] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5111] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5112 attached => {parent_tid=[5112]}, 88) = 5112 [pid 5112] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5111] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5112] <... rseq resumed>) = 0 [pid 5112] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5112] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5112] memfd_create("syzkaller", 0) = 3 [pid 5112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5112] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5112] close(3) = 0 [pid 5112] mkdir("./file0", 0777) = 0 [pid 5112] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5112] chdir("./file0") = 0 [pid 5112] ioctl(4, LOOP_CLR_FD) = 0 [pid 5112] close(4) = 0 [pid 5112] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5111] <... futex resumed>) = 0 [pid 5112] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5111] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... open resumed>) = 4 [pid 5112] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5112] <... futex resumed>) = 1 [pid 5112] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5112] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5111] <... futex resumed>) = 0 [pid 5111] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5111] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5112] <... futex resumed>) = 1 [pid 5111] <... mprotect resumed>) = 0 [pid 5112] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5111] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5112] <... mmap resumed>) = 0x20000000 [pid 5111] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5113 attached => {parent_tid=[5113]}, 88) = 5113 [pid 5113] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5111] rt_sigprocmask(SIG_SETMASK, [], [pid 5113] <... rseq resumed>) = 0 [pid 5113] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5113] rt_sigprocmask(SIG_SETMASK, [], [pid 5111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5113] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5111] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5111] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5113] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5112] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5112] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5113] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5112] <... futex resumed>) = ? [pid 5111] <... futex resumed>) = ? [pid 5113] +++ killed by SIGBUS +++ [pid 5112] +++ killed by SIGBUS +++ [pid 5111] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5111, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./23", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./23/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./23/binderfs") = 0 [ 74.496516][ T5112] loop0: detected capacity change from 0 to 2048 [ 74.507927][ T5112] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./23/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./23/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./23/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./23/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./23") = 0 mkdir("./24", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5114 attached , child_tidptr=0x555556218690) = 5114 [pid 5114] set_robust_list(0x5555562186a0, 24) = 0 [pid 5114] chdir("./24") = 0 [pid 5114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5114] setpgid(0, 0) = 0 [pid 5114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5114] write(3, "1000", 4) = 4 [pid 5114] close(3) = 0 [pid 5114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5114] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5114] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5115 attached [pid 5115] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5114] <... clone3 resumed> => {parent_tid=[5115]}, 88) = 5115 [pid 5115] <... rseq resumed>) = 0 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], [pid 5115] set_robust_list(0x7f3dc90769a0, 24 [pid 5114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5115] <... set_robust_list resumed>) = 0 [pid 5115] rt_sigprocmask(SIG_SETMASK, [], [pid 5114] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5114] <... futex resumed>) = 0 [pid 5115] memfd_create("syzkaller", 0 [pid 5114] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5115] <... memfd_create resumed>) = 3 [pid 5115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5115] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5115] close(3) = 0 [pid 5115] mkdir("./file0", 0777) = 0 [pid 5115] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5115] chdir("./file0") = 0 [pid 5115] ioctl(4, LOOP_CLR_FD) = 0 [pid 5115] close(4) = 0 [pid 5115] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5115] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5114] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5114] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... open resumed>) = 4 [pid 5115] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5114] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5115] <... open resumed>) = 5 [pid 5115] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5115] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] <... futex resumed>) = 0 [pid 5114] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... futex resumed>) = 0 [pid 5114] <... futex resumed>) = 1 [pid 5115] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5114] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5115] <... mmap resumed>) = 0x20000000 [pid 5114] <... futex resumed>) = 0 [pid 5115] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5115] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5114] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5116 attached => {parent_tid=[5116]}, 88) = 5116 [pid 5114] rt_sigprocmask(SIG_SETMASK, [], [pid 5116] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5114] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5116] <... rseq resumed>) = 0 [pid 5114] <... futex resumed>) = 0 [pid 5116] set_robust_list(0x7f3dc0d559a0, 24 [pid 5114] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5116] <... set_robust_list resumed>) = 0 [pid 5116] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5116] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5114] <... futex resumed>) = ? [pid 5115] <... futex resumed>) = ? [pid 5115] +++ killed by SIGBUS +++ [pid 5116] +++ killed by SIGBUS +++ [pid 5114] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5114, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./24", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./24/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./24/binderfs") = 0 [ 74.597110][ T5115] loop0: detected capacity change from 0 to 2048 [ 74.608638][ T5115] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./24/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./24/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./24/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./24/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./24") = 0 mkdir("./25", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5117 attached , child_tidptr=0x555556218690) = 5117 [pid 5117] set_robust_list(0x5555562186a0, 24) = 0 [pid 5117] chdir("./25") = 0 [pid 5117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5117] setpgid(0, 0) = 0 [pid 5117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5117] write(3, "1000", 4) = 4 [pid 5117] close(3) = 0 [pid 5117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5117] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5117] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5117] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5118 attached => {parent_tid=[5118]}, 88) = 5118 [pid 5118] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5117] rt_sigprocmask(SIG_SETMASK, [], [pid 5118] <... rseq resumed>) = 0 [pid 5117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5118] set_robust_list(0x7f3dc90769a0, 24 [pid 5117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... set_robust_list resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5118] rt_sigprocmask(SIG_SETMASK, [], [pid 5117] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5118] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5118] memfd_create("syzkaller", 0) = 3 [pid 5118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5118] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5118] close(3) = 0 [pid 5118] mkdir("./file0", 0777) = 0 [pid 5118] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5118] chdir("./file0") = 0 [pid 5118] ioctl(4, LOOP_CLR_FD) = 0 [pid 5118] close(4) = 0 [pid 5118] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5118] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] <... futex resumed>) = 0 [pid 5117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5118] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5117] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] <... open resumed>) = 4 [pid 5118] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... open resumed>) = 5 [pid 5117] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5118] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5117] <... futex resumed>) = 0 [pid 5118] <... futex resumed>) = 1 [pid 5118] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 1 [pid 5118] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5118] <... futex resumed>) = 0 [pid 5117] <... futex resumed>) = 0 [pid 5118] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5117] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5118] +++ killed by SIGBUS +++ [pid 5117] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5117, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./25", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./25/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./25/binderfs") = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./25/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./25/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./25/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./25/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./25") = 0 mkdir("./26", 0777) = 0 [ 74.723979][ T5118] loop0: detected capacity change from 0 to 2048 [ 74.736239][ T5118] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5119 ./strace-static-x86_64: Process 5119 attached [pid 5119] set_robust_list(0x5555562186a0, 24) = 0 [pid 5119] chdir("./26") = 0 [pid 5119] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5119] setpgid(0, 0) = 0 [pid 5119] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5119] write(3, "1000", 4) = 4 [pid 5119] close(3) = 0 [pid 5119] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5119] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5119] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5119] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5120 attached [pid 5120] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5119] <... clone3 resumed> => {parent_tid=[5120]}, 88) = 5120 [pid 5120] <... rseq resumed>) = 0 [pid 5120] set_robust_list(0x7f3dc90769a0, 24 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5120] <... set_robust_list resumed>) = 0 [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5119] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5120] memfd_create("syzkaller", 0 [pid 5119] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5120] <... memfd_create resumed>) = 3 [pid 5120] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5120] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5120] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5120] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5120] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5120] close(3) = 0 [pid 5120] mkdir("./file0", 0777) = 0 [pid 5120] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5120] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5120] chdir("./file0") = 0 [pid 5120] ioctl(4, LOOP_CLR_FD) = 0 [pid 5120] close(4) = 0 [pid 5120] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5120] <... futex resumed>) = 0 [pid 5119] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5120] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5119] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... open resumed>) = 5 [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5120] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5119] <... futex resumed>) = 0 [pid 5120] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5120] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5119] <... futex resumed>) = 0 [pid 5119] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5119] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5120] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5119] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5120] <... mmap resumed>) = 0x20000000 [pid 5119] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5120] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5119] <... mprotect resumed>) = 0 [pid 5120] <... futex resumed>) = 0 [pid 5119] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5120] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5119] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5119] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5121 attached => {parent_tid=[5121]}, 88) = 5121 [pid 5121] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5119] rt_sigprocmask(SIG_SETMASK, [], [pid 5121] <... rseq resumed>) = 0 [pid 5119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] set_robust_list(0x7f3dc0d559a0, 24 [pid 5119] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5121] <... set_robust_list resumed>) = 0 [pid 5119] <... futex resumed>) = 0 [pid 5121] rt_sigprocmask(SIG_SETMASK, [], [pid 5119] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5121] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5121] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5120] <... futex resumed>) = ? [pid 5119] <... futex resumed>) = ? [pid 5121] +++ killed by SIGBUS +++ [pid 5120] +++ killed by SIGBUS +++ [pid 5119] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5119, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./26", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./26/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./26/binderfs") = 0 [ 74.837229][ T5120] loop0: detected capacity change from 0 to 2048 [ 74.852331][ T5120] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./26/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./26/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./26/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./26/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./26") = 0 mkdir("./27", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5122 ./strace-static-x86_64: Process 5122 attached [pid 5122] set_robust_list(0x5555562186a0, 24) = 0 [pid 5122] chdir("./27") = 0 [pid 5122] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5122] setpgid(0, 0) = 0 [pid 5122] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5122] write(3, "1000", 4) = 4 [pid 5122] close(3) = 0 [pid 5122] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5122] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5122] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5122] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5123 attached [pid 5123] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5122] <... clone3 resumed> => {parent_tid=[5123]}, 88) = 5123 [pid 5123] <... rseq resumed>) = 0 [pid 5123] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5123] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5123] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5122] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] <... futex resumed>) = 0 [pid 5122] <... futex resumed>) = 1 [pid 5123] memfd_create("syzkaller", 0 [pid 5122] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5123] <... memfd_create resumed>) = 3 [pid 5123] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5123] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5123] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5123] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5123] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5123] close(3) = 0 [pid 5123] mkdir("./file0", 0777) = 0 [pid 5123] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5123] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5123] chdir("./file0") = 0 [pid 5123] ioctl(4, LOOP_CLR_FD) = 0 [pid 5123] close(4) = 0 [pid 5123] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5123] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5122] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5123] <... futex resumed>) = 1 [pid 5123] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5123] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5122] <... futex resumed>) = 0 [pid 5123] <... futex resumed>) = 1 [pid 5122] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5123] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5122] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5122] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5123] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5123] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5122] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5122] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5122] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5124 attached => {parent_tid=[5124]}, 88) = 5124 [pid 5124] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5124] set_robust_list(0x7f3dc0d559a0, 24 [pid 5122] rt_sigprocmask(SIG_SETMASK, [], [pid 5124] <... set_robust_list resumed>) = 0 [pid 5122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5124] rt_sigprocmask(SIG_SETMASK, [], [pid 5122] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5122] <... futex resumed>) = 0 [pid 5124] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5122] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5123] <... futex resumed>) = ? [pid 5124] +++ killed by SIGBUS +++ [pid 5123] +++ killed by SIGBUS +++ [pid 5122] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5122, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./27", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./27/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./27/binderfs") = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./27/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./27/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./27/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./27/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./27") = 0 mkdir("./28", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 74.958517][ T5123] loop0: detected capacity change from 0 to 2048 [ 74.969197][ T5123] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5125 attached [pid 5125] set_robust_list(0x5555562186a0, 24) = 0 [pid 5125] chdir("./28") = 0 [pid 5125] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5125] setpgid(0, 0) = 0 [pid 5125] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5125 [pid 5125] <... openat resumed>) = 3 [pid 5125] write(3, "1000", 4) = 4 [pid 5125] close(3) = 0 [pid 5125] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5125] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5125] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5125] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5125] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5126 attached => {parent_tid=[5126]}, 88) = 5126 [pid 5125] rt_sigprocmask(SIG_SETMASK, [], [pid 5126] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5125] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5126] <... rseq resumed>) = 0 [pid 5126] set_robust_list(0x7f3dc90769a0, 24 [pid 5125] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... set_robust_list resumed>) = 0 [pid 5125] <... futex resumed>) = 0 [pid 5126] rt_sigprocmask(SIG_SETMASK, [], [pid 5125] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5126] memfd_create("syzkaller", 0) = 3 [pid 5126] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5126] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5126] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5126] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5126] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5126] close(3) = 0 [pid 5126] mkdir("./file0", 0777) = 0 [pid 5126] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5126] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5126] chdir("./file0") = 0 [pid 5126] ioctl(4, LOOP_CLR_FD) = 0 [pid 5126] close(4) = 0 [pid 5126] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5125] <... futex resumed>) = 0 [pid 5126] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5125] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] <... open resumed>) = 4 [pid 5126] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5126] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = 0 [pid 5125] <... futex resumed>) = 1 [pid 5126] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5125] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5126] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5125] <... futex resumed>) = 0 [pid 5126] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5125] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5126] <... mmap resumed>) = 0x20000000 [pid 5125] <... futex resumed>) = 0 [pid 5125] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5126] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5125] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5126] <... futex resumed>) = 0 [pid 5126] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5125] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5125] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5127 attached => {parent_tid=[5127]}, 88) = 5127 [pid 5127] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5127] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5127] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5125] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5127] <... futex resumed>) = 0 [pid 5127] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5126] <... futex resumed>) = ? [pid 5126] +++ killed by SIGBUS +++ [pid 5127] +++ killed by SIGBUS +++ [pid 5125] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5125, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./28", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./28/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./28/binderfs") = 0 [ 75.059323][ T5126] loop0: detected capacity change from 0 to 2048 [ 75.074549][ T5126] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./28/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./28/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./28/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./28/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./28") = 0 mkdir("./29", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5128 ./strace-static-x86_64: Process 5128 attached [pid 5128] set_robust_list(0x5555562186a0, 24) = 0 [pid 5128] chdir("./29") = 0 [pid 5128] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5128] setpgid(0, 0) = 0 [pid 5128] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5128] write(3, "1000", 4) = 4 [pid 5128] close(3) = 0 [pid 5128] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5128] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5128] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5128] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5129]}, 88) = 5129 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5128] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5128] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5129 attached [pid 5129] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5129] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5129] memfd_create("syzkaller", 0) = 3 [pid 5129] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5129] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5129] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5129] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5129] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5129] close(3) = 0 [pid 5129] mkdir("./file0", 0777) = 0 [pid 5129] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5129] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5129] chdir("./file0") = 0 [pid 5129] ioctl(4, LOOP_CLR_FD) = 0 [pid 5129] close(4) = 0 [pid 5129] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5129] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = 0 [pid 5129] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5129] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5129] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5129] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5129] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... futex resumed>) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5128] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5129] <... futex resumed>) = 0 [pid 5129] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5129] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5128] <... futex resumed>) = 0 [pid 5129] <... futex resumed>) = 0 [pid 5128] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5129] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5128] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5128] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5128] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5128] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5130 attached [pid 5130] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5128] <... clone3 resumed> => {parent_tid=[5130]}, 88) = 5130 [pid 5130] <... rseq resumed>) = 0 [pid 5130] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5128] rt_sigprocmask(SIG_SETMASK, [], [pid 5130] rt_sigprocmask(SIG_SETMASK, [], [pid 5128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5128] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5130] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5130] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5128] <... futex resumed>) = 0 [pid 5128] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5129] <... futex resumed>) = ? [pid 5128] <... futex resumed>) = ? [pid 5129] +++ killed by SIGBUS +++ [pid 5130] +++ killed by SIGBUS +++ [pid 5128] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5128, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./29", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./29/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./29/binderfs") = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./29/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./29/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./29/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 75.182285][ T5129] loop0: detected capacity change from 0 to 2048 [ 75.193017][ T5129] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./29/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./29") = 0 mkdir("./30", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5131 ./strace-static-x86_64: Process 5131 attached [pid 5131] set_robust_list(0x5555562186a0, 24) = 0 [pid 5131] chdir("./30") = 0 [pid 5131] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5131] setpgid(0, 0) = 0 [pid 5131] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5131] write(3, "1000", 4) = 4 [pid 5131] close(3) = 0 [pid 5131] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5131] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5131] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5131] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5132 attached => {parent_tid=[5132]}, 88) = 5132 [pid 5132] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], [pid 5132] <... rseq resumed>) = 0 [pid 5131] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5131] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5132] memfd_create("syzkaller", 0) = 3 [pid 5132] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5131] <... futex resumed>) = 0 [pid 5132] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5131] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5132] <... write resumed>) = 1048576 [pid 5132] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5132] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5132] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5132] close(3) = 0 [pid 5132] mkdir("./file0", 0777) = 0 [pid 5132] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5132] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5132] chdir("./file0") = 0 [pid 5132] ioctl(4, LOOP_CLR_FD) = 0 [pid 5132] close(4) = 0 [pid 5132] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5131] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 4 [pid 5132] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5132] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] <... futex resumed>) = 0 [pid 5131] <... futex resumed>) = 1 [pid 5132] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5131] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5132] <... open resumed>) = 5 [pid 5132] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5132] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5131] <... futex resumed>) = 0 [pid 5131] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5131] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5132] <... mmap resumed>) = 0x20000000 [pid 5131] <... mprotect resumed>) = 0 [pid 5132] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5131] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5132] <... futex resumed>) = 0 [pid 5131] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5132] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5131] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5133]}, 88) = 5133 [pid 5131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5131] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5131] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5133 attached [pid 5133] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5133] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5133] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5132] <... futex resumed>) = ? [pid 5131] <... futex resumed>) = ? [pid 5133] +++ killed by SIGBUS +++ [pid 5132] +++ killed by SIGBUS +++ [pid 5131] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5131, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./30", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./30/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./30/binderfs") = 0 [ 75.302124][ T5132] loop0: detected capacity change from 0 to 2048 [ 75.315422][ T5132] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./30/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./30/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./30/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./30/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./30") = 0 mkdir("./31", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5134 ./strace-static-x86_64: Process 5134 attached [pid 5134] set_robust_list(0x5555562186a0, 24) = 0 [pid 5134] chdir("./31") = 0 [pid 5134] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5134] setpgid(0, 0) = 0 [pid 5134] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5134] write(3, "1000", 4) = 4 [pid 5134] close(3) = 0 [pid 5134] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5134] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5134] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5134] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5135]}, 88) = 5135 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5134] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5135 attached [pid 5135] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5135] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5135] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5135] memfd_create("syzkaller", 0) = 3 [pid 5135] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5135] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5135] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5135] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5135] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5135] close(3) = 0 [pid 5135] mkdir("./file0", 0777) = 0 [pid 5135] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5135] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5135] chdir("./file0") = 0 [pid 5135] ioctl(4, LOOP_CLR_FD) = 0 [pid 5135] close(4) = 0 [pid 5135] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5135] <... futex resumed>) = 0 [pid 5134] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5135] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5135] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5135] <... futex resumed>) = 0 [pid 5135] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5135] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5135] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5134] <... futex resumed>) = 0 [pid 5134] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5135] <... mmap resumed>) = 0x20000000 [pid 5135] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5134] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5135] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5134] <... mprotect resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5134] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5136 attached [pid 5136] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5134] <... clone3 resumed> => {parent_tid=[5136]}, 88) = 5136 [pid 5136] <... rseq resumed>) = 0 [pid 5134] rt_sigprocmask(SIG_SETMASK, [], [pid 5136] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5134] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5136] rt_sigprocmask(SIG_SETMASK, [], [pid 5134] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5134] <... futex resumed>) = 0 [pid 5136] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5134] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5136] +++ killed by SIGBUS +++ [pid 5135] <... futex resumed>) = ? [pid 5135] +++ killed by SIGBUS +++ [pid 5134] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5134, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./31", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./31/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./31/binderfs") = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./31/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./31/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./31/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./31/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./31") = 0 mkdir("./32", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5137 attached , child_tidptr=0x555556218690) = 5137 [pid 5137] set_robust_list(0x5555562186a0, 24) = 0 [pid 5137] chdir("./32") = 0 [pid 5137] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5137] setpgid(0, 0) = 0 [pid 5137] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5137] write(3, "1000", 4) = 4 [pid 5137] close(3) = 0 [ 75.433126][ T5135] loop0: detected capacity change from 0 to 2048 [ 75.445440][ T5135] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5137] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5137] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5137] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5137] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5138 attached => {parent_tid=[5138]}, 88) = 5138 [pid 5138] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5138] set_robust_list(0x7f3dc90769a0, 24 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], [pid 5138] <... set_robust_list resumed>) = 0 [pid 5137] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5138] rt_sigprocmask(SIG_SETMASK, [], [pid 5137] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5138] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5137] <... futex resumed>) = 0 [pid 5138] memfd_create("syzkaller", 0 [pid 5137] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5138] <... memfd_create resumed>) = 3 [pid 5138] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5138] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5138] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5138] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5138] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5138] close(3) = 0 [pid 5138] mkdir("./file0", 0777) = 0 [pid 5138] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5138] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5138] chdir("./file0") = 0 [pid 5138] ioctl(4, LOOP_CLR_FD) = 0 [pid 5138] close(4) = 0 [pid 5138] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5138] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5138] <... futex resumed>) = 1 [pid 5138] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5138] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5137] <... futex resumed>) = 0 [pid 5137] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5137] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5137] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5137] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5137] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5138] <... futex resumed>) = 1 [pid 5138] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5137] <... clone3 resumed> => {parent_tid=[5139]}, 88) = 5139 [pid 5137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5137] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5139] <... futex resumed>) = 0 [pid 5139] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5137] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5139] +++ killed by SIGBUS +++ [pid 5138] +++ killed by SIGBUS +++ [pid 5137] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5137, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./32", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./32/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./32/binderfs") = 0 [ 75.516376][ T5138] loop0: detected capacity change from 0 to 2048 [ 75.531289][ T5138] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./32/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./32/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./32/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./32/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./32") = 0 mkdir("./33", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5140 attached , child_tidptr=0x555556218690) = 5140 [pid 5140] set_robust_list(0x5555562186a0, 24) = 0 [pid 5140] chdir("./33") = 0 [pid 5140] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5140] setpgid(0, 0) = 0 [pid 5140] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5140] write(3, "1000", 4) = 4 [pid 5140] close(3) = 0 [pid 5140] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5140] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5140] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5140] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5141 attached [pid 5141] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5141] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5141] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... clone3 resumed> => {parent_tid=[5141]}, 88) = 5141 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5140] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] <... futex resumed>) = 0 [pid 5140] <... futex resumed>) = 1 [pid 5141] memfd_create("syzkaller", 0 [pid 5140] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5141] <... memfd_create resumed>) = 3 [pid 5141] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5141] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5141] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5141] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5141] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5141] close(3) = 0 [pid 5141] mkdir("./file0", 0777) = 0 [pid 5141] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5141] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5141] chdir("./file0") = 0 [pid 5141] ioctl(4, LOOP_CLR_FD) = 0 [pid 5141] close(4) = 0 [pid 5141] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5141] <... futex resumed>) = 0 [pid 5141] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5140] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] <... open resumed>) = 4 [pid 5141] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5141] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5141] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... futex resumed>) = 0 [pid 5140] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5140] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5141] <... futex resumed>) = 1 [pid 5140] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5141] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5140] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5141] <... mmap resumed>) = 0x20000000 [pid 5140] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5142 attached [pid 5141] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5140] <... clone3 resumed> => {parent_tid=[5142]}, 88) = 5142 [pid 5141] <... futex resumed>) = 0 [pid 5140] rt_sigprocmask(SIG_SETMASK, [], [pid 5141] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5140] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5140] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5142] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5142] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5142] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5142] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5142] +++ killed by SIGBUS +++ [pid 5140] <... futex resumed>) = ? [pid 5141] <... futex resumed>) = ? [pid 5141] +++ killed by SIGBUS +++ [pid 5140] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5140, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./33", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 [ 75.625481][ T5141] loop0: detected capacity change from 0 to 2048 [ 75.636773][ T5141] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./33/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./33/binderfs") = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./33/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./33/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./33/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./33/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./33") = 0 mkdir("./34", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5143 ./strace-static-x86_64: Process 5143 attached [pid 5143] set_robust_list(0x5555562186a0, 24) = 0 [pid 5143] chdir("./34") = 0 [pid 5143] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5143] setpgid(0, 0) = 0 [pid 5143] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5143] write(3, "1000", 4) = 4 [pid 5143] close(3) = 0 [pid 5143] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5143] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5143] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5143] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5144 attached => {parent_tid=[5144]}, 88) = 5144 [pid 5144] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5144] <... rseq resumed>) = 0 [pid 5144] set_robust_list(0x7f3dc90769a0, 24 [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5143] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5144] <... set_robust_list resumed>) = 0 [pid 5144] rt_sigprocmask(SIG_SETMASK, [], [pid 5143] <... futex resumed>) = 0 [pid 5144] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5144] memfd_create("syzkaller", 0) = 3 [pid 5144] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5144] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5143] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5144] <... write resumed>) = 1048576 [pid 5144] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5144] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5144] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5144] close(3) = 0 [pid 5144] mkdir("./file0", 0777) = 0 [pid 5144] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5144] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5144] chdir("./file0") = 0 [pid 5144] ioctl(4, LOOP_CLR_FD) = 0 [pid 5144] close(4) = 0 [pid 5144] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5144] <... futex resumed>) = 0 [pid 5144] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5143] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] <... open resumed>) = 4 [pid 5144] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5143] <... futex resumed>) = 0 [pid 5144] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5143] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] <... open resumed>) = 5 [pid 5143] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5144] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5143] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5144] <... futex resumed>) = 1 [pid 5143] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5144] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5143] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5144] <... mmap resumed>) = 0x20000000 [pid 5143] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5143] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5143] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5144] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5145 attached ) = 0 [pid 5143] <... clone3 resumed> => {parent_tid=[5145]}, 88) = 5145 [pid 5145] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5143] rt_sigprocmask(SIG_SETMASK, [], [pid 5145] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5144] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5143] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5143] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5145] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5143] <... futex resumed>) = 0 [pid 5143] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5144] <... futex resumed>) = ? [pid 5144] +++ killed by SIGBUS +++ [pid 5145] +++ killed by SIGBUS +++ [pid 5143] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5143, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./34", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./34", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./34/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./34/binderfs") = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./34/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./34/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 75.750799][ T5144] loop0: detected capacity change from 0 to 2048 [ 75.761780][ T5144] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./34/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./34/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./34") = 0 mkdir("./35", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5146 ./strace-static-x86_64: Process 5146 attached [pid 5146] set_robust_list(0x5555562186a0, 24) = 0 [pid 5146] chdir("./35") = 0 [pid 5146] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5146] setpgid(0, 0) = 0 [pid 5146] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5146] write(3, "1000", 4) = 4 [pid 5146] close(3) = 0 [pid 5146] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5146] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5146] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5146] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5147 attached => {parent_tid=[5147]}, 88) = 5147 [pid 5147] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5147] set_robust_list(0x7f3dc90769a0, 24 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5146] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5147] <... set_robust_list resumed>) = 0 [pid 5147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5147] memfd_create("syzkaller", 0) = 3 [pid 5147] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5147] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5147] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5147] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5147] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5147] close(3) = 0 [pid 5147] mkdir("./file0", 0777) = 0 [pid 5147] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5147] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5147] chdir("./file0") = 0 [pid 5147] ioctl(4, LOOP_CLR_FD) = 0 [pid 5147] close(4) = 0 [pid 5147] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5146] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5146] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5147] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5146] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5147] <... open resumed>) = 5 [pid 5147] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5146] <... futex resumed>) = 0 [pid 5147] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5146] <... futex resumed>) = 0 [pid 5147] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5146] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5147] <... mmap resumed>) = 0x20000000 [pid 5146] <... futex resumed>) = 0 [pid 5146] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5147] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5146] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5147] <... futex resumed>) = 0 [pid 5146] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5147] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... mprotect resumed>) = 0 [pid 5146] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5146] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5148 attached => {parent_tid=[5148]}, 88) = 5148 [pid 5148] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5148] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5146] rt_sigprocmask(SIG_SETMASK, [], [pid 5148] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5148] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5146] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5146] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5148] <... futex resumed>) = 0 [pid 5146] <... futex resumed>) = 1 [pid 5148] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5147] <... futex resumed>) = ? [pid 5148] +++ killed by SIGBUS +++ [pid 5147] +++ killed by SIGBUS +++ [ 75.872914][ T5147] loop0: detected capacity change from 0 to 2048 [ 75.884651][ T5147] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5146] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5146, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./35", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./35/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./35/binderfs") = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./35/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./35/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./35/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./35/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./35") = 0 mkdir("./36", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5149 attached , child_tidptr=0x555556218690) = 5149 [pid 5149] set_robust_list(0x5555562186a0, 24) = 0 [pid 5149] chdir("./36") = 0 [pid 5149] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5149] setpgid(0, 0) = 0 [pid 5149] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5149] write(3, "1000", 4) = 4 [pid 5149] close(3) = 0 [pid 5149] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5149] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5149] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5149] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5149] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5150 attached [pid 5150] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5149] <... clone3 resumed> => {parent_tid=[5150]}, 88) = 5150 [pid 5150] <... rseq resumed>) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5150] set_robust_list(0x7f3dc90769a0, 24 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5150] <... set_robust_list resumed>) = 0 [pid 5149] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] <... futex resumed>) = 0 [pid 5150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5150] memfd_create("syzkaller", 0) = 3 [pid 5150] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5150] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5150] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5150] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5150] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5150] close(3) = 0 [pid 5150] mkdir("./file0", 0777) = 0 [pid 5150] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5150] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5150] chdir("./file0") = 0 [pid 5150] ioctl(4, LOOP_CLR_FD) = 0 [pid 5150] close(4) = 0 [pid 5150] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] <... futex resumed>) = 0 [pid 5150] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5149] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... open resumed>) = 4 [pid 5150] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5149] <... futex resumed>) = 0 [pid 5150] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5149] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... open resumed>) = 5 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5149] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... futex resumed>) = 0 [pid 5149] <... futex resumed>) = 1 [pid 5150] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5149] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5150] <... mmap resumed>) = 0x20000000 [pid 5149] <... futex resumed>) = 0 [pid 5150] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5149] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5150] <... futex resumed>) = 0 [pid 5150] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5149] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5149] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5149] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5149] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5151 attached => {parent_tid=[5151]}, 88) = 5151 [pid 5151] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5149] rt_sigprocmask(SIG_SETMASK, [], [pid 5151] set_robust_list(0x7f3dc0d559a0, 24 [pid 5149] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5149] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5151] <... set_robust_list resumed>) = 0 [pid 5149] <... futex resumed>) = 0 [pid 5151] rt_sigprocmask(SIG_SETMASK, [], [pid 5149] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5151] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5151] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5150] <... futex resumed>) = ? [pid 5149] <... futex resumed>) = ? [pid 5150] +++ killed by SIGBUS +++ [pid 5151] +++ killed by SIGBUS +++ [pid 5149] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5149, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./36", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./36/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./36/binderfs") = 0 [ 76.000341][ T5150] loop0: detected capacity change from 0 to 2048 [ 76.013075][ T5150] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./36/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./36/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./36/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./36/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./36") = 0 mkdir("./37", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5152 attached , child_tidptr=0x555556218690) = 5152 [pid 5152] set_robust_list(0x5555562186a0, 24) = 0 [pid 5152] chdir("./37") = 0 [pid 5152] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5152] setpgid(0, 0) = 0 [pid 5152] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5152] write(3, "1000", 4) = 4 [pid 5152] close(3) = 0 [pid 5152] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5152] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5152] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5152] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5153]}, 88) = 5153 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5152] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5153 attached [pid 5153] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5153] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5153] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5153] memfd_create("syzkaller", 0) = 3 [pid 5153] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5153] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5153] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5153] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5153] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5153] close(3) = 0 [pid 5153] mkdir("./file0", 0777) = 0 [pid 5153] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5153] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5153] chdir("./file0") = 0 [pid 5153] ioctl(4, LOOP_CLR_FD) = 0 [pid 5153] close(4) = 0 [pid 5153] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5152] <... futex resumed>) = 0 [pid 5153] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5152] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] <... open resumed>) = 4 [pid 5153] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5152] <... futex resumed>) = 0 [pid 5153] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5153] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5153] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5153] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5152] <... futex resumed>) = 0 [pid 5152] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] <... futex resumed>) = 1 [pid 5152] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5152] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5153] <... mmap resumed>) = 0x20000000 [pid 5152] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5152] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5153] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5153] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5152] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5152] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5154]}, 88) = 5154 ./strace-static-x86_64: Process 5154 attached [pid 5154] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5154] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5152] rt_sigprocmask(SIG_SETMASK, [], [pid 5154] rt_sigprocmask(SIG_SETMASK, [], [pid 5152] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5154] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5152] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5152] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5154] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5153] <... futex resumed>) = ? [pid 5152] <... futex resumed>) = ? [pid 5153] +++ killed by SIGBUS +++ [pid 5154] +++ killed by SIGBUS +++ [pid 5152] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5152, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./37", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./37/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./37/binderfs") = 0 [ 76.097495][ T5153] loop0: detected capacity change from 0 to 2048 [ 76.116602][ T5153] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./37/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./37/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./37/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./37/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./37") = 0 mkdir("./38", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5155 ./strace-static-x86_64: Process 5155 attached [pid 5155] set_robust_list(0x5555562186a0, 24) = 0 [pid 5155] chdir("./38") = 0 [pid 5155] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5155] setpgid(0, 0) = 0 [pid 5155] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5155] write(3, "1000", 4) = 4 [pid 5155] close(3) = 0 [pid 5155] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5155] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5155] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5155] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5155] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5156 attached => {parent_tid=[5156]}, 88) = 5156 [pid 5156] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5156] <... rseq resumed>) = 0 [pid 5156] set_robust_list(0x7f3dc90769a0, 24 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5156] <... set_robust_list resumed>) = 0 [pid 5155] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] <... futex resumed>) = 0 [pid 5156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5155] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5156] memfd_create("syzkaller", 0) = 3 [pid 5156] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5156] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5156] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5156] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5156] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5156] close(3) = 0 [pid 5156] mkdir("./file0", 0777) = 0 [pid 5156] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5156] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5156] chdir("./file0") = 0 [pid 5156] ioctl(4, LOOP_CLR_FD) = 0 [pid 5156] close(4) = 0 [pid 5156] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] <... open resumed>) = 4 [pid 5156] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5155] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5156] <... open resumed>) = 5 [pid 5155] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5156] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5155] <... futex resumed>) = 0 [pid 5156] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5155] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... mmap resumed>) = 0x20000000 [pid 5155] <... futex resumed>) = 0 [pid 5156] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5155] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5156] <... futex resumed>) = 0 [pid 5155] <... futex resumed>) = 0 [pid 5155] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5156] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5155] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5155] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5155] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5155] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5157 attached [pid 5157] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5155] <... clone3 resumed> => {parent_tid=[5157]}, 88) = 5157 [pid 5157] <... rseq resumed>) = 0 [pid 5155] rt_sigprocmask(SIG_SETMASK, [], [pid 5157] set_robust_list(0x7f3dc0d559a0, 24 [pid 5155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] <... set_robust_list resumed>) = 0 [pid 5155] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5157] rt_sigprocmask(SIG_SETMASK, [], [pid 5155] <... futex resumed>) = 0 [pid 5155] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5157] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5156] <... futex resumed>) = ? [pid 5155] <... futex resumed>) = ? [pid 5156] +++ killed by SIGBUS +++ [pid 5157] +++ killed by SIGBUS +++ [pid 5155] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5155, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./38", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./38/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./38/binderfs") = 0 [ 76.231051][ T5156] loop0: detected capacity change from 0 to 2048 [ 76.241954][ T5156] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./38/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./38/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./38/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./38/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./38") = 0 mkdir("./39", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5158 ./strace-static-x86_64: Process 5158 attached [pid 5158] set_robust_list(0x5555562186a0, 24) = 0 [pid 5158] chdir("./39") = 0 [pid 5158] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5158] setpgid(0, 0) = 0 [pid 5158] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5158] write(3, "1000", 4) = 4 [pid 5158] close(3) = 0 [pid 5158] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5158] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5158] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5158] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5158] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5158] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5158] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5158] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5159 attached => {parent_tid=[5159]}, 88) = 5159 [pid 5159] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5158] rt_sigprocmask(SIG_SETMASK, [], [pid 5159] <... rseq resumed>) = 0 [pid 5158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5159] set_robust_list(0x7f3dc90769a0, 24 [pid 5158] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... set_robust_list resumed>) = 0 [pid 5158] <... futex resumed>) = 0 [pid 5159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5158] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5159] memfd_create("syzkaller", 0) = 3 [pid 5159] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5159] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5159] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5159] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5159] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5159] close(3) = 0 [pid 5159] mkdir("./file0", 0777) = 0 [pid 5159] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5159] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5159] chdir("./file0") = 0 [pid 5159] ioctl(4, LOOP_CLR_FD) = 0 [pid 5159] close(4) = 0 [pid 5159] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5158] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5159] <... open resumed>) = 4 [pid 5159] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5159] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 0 [pid 5158] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5159] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5159] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5158] <... futex resumed>) = 1 [pid 5158] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5158] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5158] <... futex resumed>) = 1 [pid 5158] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5159] <... futex resumed>) = 0 [pid 5159] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5159] +++ killed by SIGBUS +++ [pid 5158] <... futex resumed>) = ? [pid 5158] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5158, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./39", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./39/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./39/binderfs") = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./39/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./39/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./39/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./39/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./39") = 0 mkdir("./40", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5160 attached , child_tidptr=0x555556218690) = 5160 [pid 5160] set_robust_list(0x5555562186a0, 24) = 0 [ 76.336713][ T5159] loop0: detected capacity change from 0 to 2048 [ 76.348918][ T5159] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5160] chdir("./40") = 0 [pid 5160] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5160] setpgid(0, 0) = 0 [pid 5160] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5160] write(3, "1000", 4) = 4 [pid 5160] close(3) = 0 [pid 5160] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5160] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5160] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5160] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5160] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5161]}, 88) = 5161 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5160] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5161 attached [pid 5161] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5161] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5161] memfd_create("syzkaller", 0) = 3 [pid 5161] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5161] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5161] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5161] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5161] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5161] close(3) = 0 [pid 5161] mkdir("./file0", 0777) = 0 [pid 5161] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5161] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5161] chdir("./file0") = 0 [pid 5161] ioctl(4, LOOP_CLR_FD) = 0 [pid 5161] close(4) = 0 [pid 5161] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] <... open resumed>) = 4 [pid 5161] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5160] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5160] <... futex resumed>) = 0 [pid 5161] <... open resumed>) = 5 [pid 5160] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5161] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... futex resumed>) = 0 [pid 5161] <... futex resumed>) = 1 [pid 5160] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5161] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5160] <... futex resumed>) = 0 [pid 5160] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5160] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5161] <... mmap resumed>) = 0x20000000 [pid 5160] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5161] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5160] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5161] <... futex resumed>) = 0 [pid 5160] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5161] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5162 attached [pid 5160] <... clone3 resumed> => {parent_tid=[5162]}, 88) = 5162 [pid 5160] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5160] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5160] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5162] <... rseq resumed>) = 0 [pid 5162] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5162] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5162] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5160] <... futex resumed>) = ? [pid 5161] <... futex resumed>) = ? [pid 5161] +++ killed by SIGBUS +++ [pid 5162] +++ killed by SIGBUS +++ [pid 5160] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5160, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./40", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./40/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./40/binderfs") = 0 [ 76.426515][ T5161] loop0: detected capacity change from 0 to 2048 [ 76.445869][ T5161] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./40/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./40/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./40/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./40/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./40") = 0 mkdir("./41", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5163 attached , child_tidptr=0x555556218690) = 5163 [pid 5163] set_robust_list(0x5555562186a0, 24) = 0 [pid 5163] chdir("./41") = 0 [pid 5163] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5163] setpgid(0, 0) = 0 [pid 5163] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5163] write(3, "1000", 4) = 4 [pid 5163] close(3) = 0 [pid 5163] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5163] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5163] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5163] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5164]}, 88) = 5164 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5163] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5164 attached ) = 0 [pid 5164] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5164] set_robust_list(0x7f3dc90769a0, 24 [pid 5163] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5164] <... set_robust_list resumed>) = 0 [pid 5164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5164] memfd_create("syzkaller", 0) = 3 [pid 5164] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5164] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5164] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5164] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5164] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5164] close(3) = 0 [pid 5164] mkdir("./file0", 0777) = 0 [pid 5164] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5164] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5164] chdir("./file0") = 0 [pid 5164] ioctl(4, LOOP_CLR_FD) = 0 [pid 5164] close(4) = 0 [pid 5164] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5164] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5164] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5164] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5163] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5164] <... open resumed>) = 5 [pid 5164] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5164] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5163] <... futex resumed>) = 0 [pid 5163] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5163] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5163] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5164] <... mmap resumed>) = 0x20000000 [pid 5163] <... mprotect resumed>) = 0 [pid 5164] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5164] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5163] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5163] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5165 attached [pid 5165] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5163] <... clone3 resumed> => {parent_tid=[5165]}, 88) = 5165 [pid 5165] <... rseq resumed>) = 0 [pid 5163] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5165] set_robust_list(0x7f3dc0d559a0, 24 [pid 5163] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5165] <... set_robust_list resumed>) = 0 [pid 5163] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5165] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5163] <... futex resumed>) = ? [pid 5164] <... futex resumed>) = ? [pid 5164] +++ killed by SIGBUS +++ [pid 5165] +++ killed by SIGBUS +++ [pid 5163] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5163, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./41", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./41", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./41/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./41/binderfs") = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./41/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./41/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 76.567063][ T5164] loop0: detected capacity change from 0 to 2048 [ 76.578482][ T5164] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./41/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./41/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./41") = 0 mkdir("./42", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5166 ./strace-static-x86_64: Process 5166 attached [pid 5166] set_robust_list(0x5555562186a0, 24) = 0 [pid 5166] chdir("./42") = 0 [pid 5166] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5166] setpgid(0, 0) = 0 [pid 5166] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5166] write(3, "1000", 4) = 4 [pid 5166] close(3) = 0 [pid 5166] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5166] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5166] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5166] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5166] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5167]}, 88) = 5167 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5166] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5166] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5167 attached [pid 5167] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5167] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5167] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5167] memfd_create("syzkaller", 0) = 3 [pid 5167] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5167] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5167] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5167] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5167] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5167] close(3) = 0 [pid 5167] mkdir("./file0", 0777) = 0 [pid 5167] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5167] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5167] chdir("./file0") = 0 [pid 5167] ioctl(4, LOOP_CLR_FD) = 0 [pid 5167] close(4) = 0 [pid 5167] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5167] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] <... futex resumed>) = 0 [pid 5166] <... futex resumed>) = 1 [pid 5167] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5166] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] <... open resumed>) = 4 [pid 5167] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5167] <... futex resumed>) = 1 [pid 5166] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5166] <... futex resumed>) = 0 [pid 5167] <... open resumed>) = 5 [pid 5166] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5167] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5166] <... futex resumed>) = 0 [pid 5166] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] <... futex resumed>) = 1 [pid 5166] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5167] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5166] <... futex resumed>) = 0 [pid 5167] <... mmap resumed>) = 0x20000000 [pid 5166] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5167] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5167] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5166] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5166] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5166] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5166] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5168 attached [pid 5168] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5166] <... clone3 resumed> => {parent_tid=[5168]}, 88) = 5168 [pid 5168] <... rseq resumed>) = 0 [pid 5166] rt_sigprocmask(SIG_SETMASK, [], [pid 5168] set_robust_list(0x7f3dc0d559a0, 24 [pid 5166] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5168] <... set_robust_list resumed>) = 0 [pid 5166] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5168] rt_sigprocmask(SIG_SETMASK, [], [pid 5166] <... futex resumed>) = 0 [pid 5168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5166] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5168] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5166] <... futex resumed>) = ? [pid 5167] <... futex resumed>) = ? [pid 5167] +++ killed by SIGBUS +++ [pid 5168] +++ killed by SIGBUS +++ [pid 5166] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5166, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./42", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./42/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./42/binderfs") = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./42/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./42/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./42/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./42/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 76.683049][ T5167] loop0: detected capacity change from 0 to 2048 [ 76.705737][ T5167] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./42") = 0 mkdir("./43", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5169 attached , child_tidptr=0x555556218690) = 5169 [pid 5169] set_robust_list(0x5555562186a0, 24) = 0 [pid 5169] chdir("./43") = 0 [pid 5169] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5169] setpgid(0, 0) = 0 [pid 5169] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5169] write(3, "1000", 4) = 4 [pid 5169] close(3) = 0 [pid 5169] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5169] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5169] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5169] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5170 attached [pid 5170] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5170] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5170] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5170] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] <... clone3 resumed> => {parent_tid=[5170]}, 88) = 5170 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5169] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5169] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5170] memfd_create("syzkaller", 0) = 3 [pid 5170] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5170] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5170] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5170] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5170] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5170] close(3) = 0 [pid 5170] mkdir("./file0", 0777) = 0 [pid 5170] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5170] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5170] chdir("./file0") = 0 [pid 5170] ioctl(4, LOOP_CLR_FD) = 0 [ 76.792249][ T5170] __do_sys_memfd_create: 33 callbacks suppressed [ 76.792267][ T5170] syz-executor183[5170]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 76.821074][ T5170] loop0: detected capacity change from 0 to 2048 [ 76.832794][ T5170] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5170] close(4) = 0 [pid 5170] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] <... open resumed>) = 4 [pid 5170] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5169] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5170] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5170] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5169] <... futex resumed>) = 0 [pid 5170] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5169] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5170] <... futex resumed>) = 0 [pid 5169] <... futex resumed>) = 1 [pid 5170] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5169] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5169] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5170] <... mmap resumed>) = 0x20000000 [pid 5169] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5169] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5169] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5169] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5171 attached => {parent_tid=[5171]}, 88) = 5171 [pid 5171] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5169] rt_sigprocmask(SIG_SETMASK, [], [pid 5171] <... rseq resumed>) = 0 [pid 5169] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5171] set_robust_list(0x7f3dc0d559a0, 24 [pid 5170] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] <... set_robust_list resumed>) = 0 [pid 5169] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5171] rt_sigprocmask(SIG_SETMASK, [], [pid 5169] <... futex resumed>) = 0 [pid 5171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5169] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5171] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5169] <... futex resumed>) = ? [pid 5171] +++ killed by SIGBUS +++ [pid 5170] <... futex resumed>) = ? [pid 5170] +++ killed by SIGBUS +++ [pid 5169] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5169, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./43", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./43/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./43/binderfs") = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./43/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./43/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./43/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./43/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./43") = 0 mkdir("./44", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5172 attached , child_tidptr=0x555556218690) = 5172 [pid 5172] set_robust_list(0x5555562186a0, 24) = 0 [pid 5172] chdir("./44") = 0 [pid 5172] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5172] setpgid(0, 0) = 0 [pid 5172] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5172] write(3, "1000", 4) = 4 [pid 5172] close(3) = 0 [pid 5172] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5172] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5172] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5172] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5172] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5172] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5173]}, 88) = 5173 [pid 5172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5173 attached [pid 5172] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5173] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5173] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5173] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5173] memfd_create("syzkaller", 0) = 3 [pid 5173] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5173] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5173] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5173] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5173] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5173] close(3) = 0 [pid 5173] mkdir("./file0", 0777) = 0 [ 76.901609][ T5173] syz-executor183[5173]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 76.935809][ T5173] loop0: detected capacity change from 0 to 2048 [pid 5173] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5173] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5173] chdir("./file0") = 0 [pid 5173] ioctl(4, LOOP_CLR_FD) = 0 [pid 5173] close(4) = 0 [pid 5173] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5172] <... futex resumed>) = 0 [pid 5173] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5172] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... open resumed>) = 4 [pid 5173] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5173] <... futex resumed>) = 1 [pid 5172] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5173] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5172] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5173] <... open resumed>) = 5 [pid 5173] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5172] <... futex resumed>) = 0 [pid 5172] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5172] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5173] <... futex resumed>) = 1 [pid 5172] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5173] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5173] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5173] <... futex resumed>) = 0 [pid 5173] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] <... clone3 resumed> => {parent_tid=[5174]}, 88) = 5174 [pid 5174] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5174] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5172] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5174] <... futex resumed>) = 0 [pid 5172] <... futex resumed>) = 1 [pid 5172] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5174] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5172] <... futex resumed>) = ? [pid 5173] <... futex resumed>) = ? [pid 5174] +++ killed by SIGBUS +++ [pid 5173] +++ killed by SIGBUS +++ [pid 5172] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5172, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./44", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./44/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./44/binderfs") = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./44/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./44/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./44/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 76.948322][ T5173] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./44/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./44") = 0 mkdir("./45", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5175 attached , child_tidptr=0x555556218690) = 5175 [pid 5175] set_robust_list(0x5555562186a0, 24) = 0 [pid 5175] chdir("./45") = 0 [pid 5175] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5175] setpgid(0, 0) = 0 [pid 5175] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5175] write(3, "1000", 4) = 4 [pid 5175] close(3) = 0 [pid 5175] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5175] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5175] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5175] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5176 attached => {parent_tid=[5176]}, 88) = 5176 [pid 5176] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5176] set_robust_list(0x7f3dc90769a0, 24 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5176] <... set_robust_list resumed>) = 0 [pid 5175] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] <... futex resumed>) = 0 [pid 5176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5175] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5176] memfd_create("syzkaller", 0) = 3 [pid 5176] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5176] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5176] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5176] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5176] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5176] close(3) = 0 [pid 5176] mkdir("./file0", 0777) = 0 [ 77.007574][ T5176] syz-executor183[5176]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.040235][ T5176] loop0: detected capacity change from 0 to 2048 [pid 5176] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5176] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5176] chdir("./file0") = 0 [pid 5176] ioctl(4, LOOP_CLR_FD) = 0 [pid 5176] close(4) = 0 [pid 5176] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5175] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5176] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5175] <... futex resumed>) = 0 [pid 5175] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5176] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5176] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5175] <... futex resumed>) = 0 [pid 5176] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5176] <... futex resumed>) = 0 [pid 5175] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5176] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5175] <... futex resumed>) = 0 [pid 5175] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5175] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5176] <... mmap resumed>) = 0x20000000 [pid 5176] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5175] <... mprotect resumed>) = 0 [pid 5176] <... futex resumed>) = 0 [pid 5176] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5175] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5175] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5177 attached => {parent_tid=[5177]}, 88) = 5177 [pid 5177] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5175] rt_sigprocmask(SIG_SETMASK, [], [pid 5177] <... rseq resumed>) = 0 [pid 5175] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] set_robust_list(0x7f3dc0d559a0, 24 [pid 5175] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5177] <... set_robust_list resumed>) = 0 [pid 5175] <... futex resumed>) = 0 [pid 5177] rt_sigprocmask(SIG_SETMASK, [], [pid 5175] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5177] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5176] <... futex resumed>) = ? [pid 5177] +++ killed by SIGBUS +++ [pid 5176] +++ killed by SIGBUS +++ [pid 5175] <... futex resumed>) = ? [pid 5175] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5175, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./45", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./45/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./45/binderfs") = 0 [ 77.050759][ T5176] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./45/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./45/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./45/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./45/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./45") = 0 mkdir("./46", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5178 attached [pid 5178] set_robust_list(0x5555562186a0, 24) = 0 [pid 5178] chdir("./46") = 0 [pid 5178] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5178] setpgid(0, 0) = 0 [pid 5178] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5178 [pid 5178] <... openat resumed>) = 3 [pid 5178] write(3, "1000", 4) = 4 [pid 5178] close(3) = 0 [pid 5178] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5178] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5178] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5178] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5178] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5178] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5178] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5179 attached => {parent_tid=[5179]}, 88) = 5179 [pid 5179] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5178] rt_sigprocmask(SIG_SETMASK, [], [pid 5179] set_robust_list(0x7f3dc90769a0, 24 [pid 5178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5179] <... set_robust_list resumed>) = 0 [pid 5179] rt_sigprocmask(SIG_SETMASK, [], [pid 5178] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5178] <... futex resumed>) = 0 [pid 5179] memfd_create("syzkaller", 0 [pid 5178] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5179] <... memfd_create resumed>) = 3 [pid 5179] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5179] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5179] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5179] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5179] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5179] close(3) = 0 [pid 5179] mkdir("./file0", 0777) = 0 [pid 5179] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5179] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5179] chdir("./file0") = 0 [pid 5179] ioctl(4, LOOP_CLR_FD) = 0 [pid 5179] close(4) = 0 [pid 5179] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5179] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5178] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... open resumed>) = 4 [pid 5179] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5179] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5178] <... futex resumed>) = 0 [pid 5178] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... futex resumed>) = 0 [pid 5178] <... futex resumed>) = 1 [pid 5179] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5178] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] <... open resumed>) = 5 [pid 5179] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5178] <... futex resumed>) = 0 [pid 5179] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5178] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5179] <... mmap resumed>) = 0x20000000 [pid 5178] <... futex resumed>) = 0 [pid 5179] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5178] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5179] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5178] <... futex resumed>) = ? [pid 5179] +++ killed by SIGBUS +++ [pid 5178] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5178, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./46", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./46/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./46/binderfs") = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./46/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 77.119035][ T5179] syz-executor183[5179]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.145140][ T5179] loop0: detected capacity change from 0 to 2048 [ 77.156452][ T5179] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./46/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./46/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./46/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./46") = 0 mkdir("./47", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5180 attached , child_tidptr=0x555556218690) = 5180 [pid 5180] set_robust_list(0x5555562186a0, 24) = 0 [pid 5180] chdir("./47") = 0 [pid 5180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5180] setpgid(0, 0) = 0 [pid 5180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5180] write(3, "1000", 4) = 4 [pid 5180] close(3) = 0 [pid 5180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5180] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5180] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5181]}, 88) = 5181 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5181 attached [pid 5181] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5180] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5181] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5181] memfd_create("syzkaller", 0) = 3 [pid 5181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [ 77.239235][ T5181] syz-executor183[5181]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5181] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5181] close(3) = 0 [pid 5181] mkdir("./file0", 0777) = 0 [pid 5181] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5181] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5181] chdir("./file0") = 0 [pid 5181] ioctl(4, LOOP_CLR_FD) = 0 [pid 5181] close(4) = 0 [pid 5181] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5181] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5181] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5180] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5181] <... open resumed>) = 4 [pid 5181] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5180] <... futex resumed>) = 0 [pid 5181] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5181] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5181] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5180] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5181] <... futex resumed>) = 0 [pid 5180] <... futex resumed>) = 1 [pid 5181] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5180] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5181] <... mmap resumed>) = 0x20000000 [pid 5180] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5181] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5181] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5180] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5182 attached => {parent_tid=[5182]}, 88) = 5182 [pid 5182] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5180] rt_sigprocmask(SIG_SETMASK, [], [pid 5182] <... rseq resumed>) = 0 [pid 5180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5182] set_robust_list(0x7f3dc0d559a0, 24 [pid 5180] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5182] <... set_robust_list resumed>) = 0 [pid 5180] <... futex resumed>) = 0 [pid 5180] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5182] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5181] <... futex resumed>) = ? [pid 5180] <... futex resumed>) = ? [pid 5182] +++ killed by SIGBUS +++ [pid 5181] +++ killed by SIGBUS +++ [pid 5180] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5180, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./47", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./47/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./47/binderfs") = 0 [ 77.289512][ T5181] loop0: detected capacity change from 0 to 2048 [ 77.311859][ T5181] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./47/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./47/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./47/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./47/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./47") = 0 mkdir("./48", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5183 attached , child_tidptr=0x555556218690) = 5183 [pid 5183] set_robust_list(0x5555562186a0, 24) = 0 [pid 5183] chdir("./48") = 0 [pid 5183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5183] setpgid(0, 0) = 0 [pid 5183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5183] write(3, "1000", 4) = 4 [pid 5183] close(3) = 0 [pid 5183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5183] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5183] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5184 attached => {parent_tid=[5184]}, 88) = 5184 [pid 5184] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5184] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5184] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5183] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] <... futex resumed>) = 0 [pid 5183] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5184] memfd_create("syzkaller", 0) = 3 [pid 5184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5184] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5184] close(3) = 0 [pid 5184] mkdir("./file0", 0777) = 0 [pid 5184] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5184] chdir("./file0") = 0 [pid 5184] ioctl(4, LOOP_CLR_FD) = 0 [pid 5184] close(4) = 0 [pid 5184] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5184] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5184] <... futex resumed>) = 0 [pid 5183] <... futex resumed>) = 1 [pid 5184] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5183] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... open resumed>) = 4 [pid 5184] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5184] <... futex resumed>) = 1 [pid 5184] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5184] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5183] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5185]}, 88) = 5185 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5183] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5185 attached [pid 5185] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5185] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5185] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5185] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5183] <... futex resumed>) = 0 [pid 5183] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5185] <... futex resumed>) = 1 [pid 5185] write(6, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 5184] <... futex resumed>) = 1 [ 77.417328][ T5184] syz-executor183[5184]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.442499][ T5184] loop0: detected capacity change from 0 to 2048 [ 77.454621][ T5184] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5184] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5183] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5183] futex(0x7f3dc91426ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d14000 [pid 5183] mprotect(0x7f3dc0d15000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d34990, parent_tid=0x7f3dc0d34990, exit_signal=0, stack=0x7f3dc0d14000, stack_size=0x20300, tls=0x7f3dc0d346c0}./strace-static-x86_64: Process 5186 attached => {parent_tid=[5186]}, 88) = 5186 [pid 5186] rseq(0x7f3dc0d34fe0, 0x20, 0, 0x53053053 [pid 5183] rt_sigprocmask(SIG_SETMASK, [], [pid 5186] <... rseq resumed>) = 0 [pid 5183] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] set_robust_list(0x7f3dc0d349a0, 24 [pid 5183] futex(0x7f3dc91426e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5186] <... set_robust_list resumed>) = 0 [pid 5183] <... futex resumed>) = 0 [pid 5186] rt_sigprocmask(SIG_SETMASK, [], [pid 5183] futex(0x7f3dc91426ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5186] ftruncate(4, 2 [pid 5183] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 5186] <... ftruncate resumed>) = 0 [pid 5185] <... write resumed>) = 348160 [pid 5184] <... mmap resumed>) = 0x20000000 [pid 5184] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5184] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5185] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5185] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5186] futex(0x7f3dc91426ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5186] futex(0x7f3dc91426e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5183] exit_group(0) = ? [pid 5185] <... futex resumed>) = ? [pid 5186] <... futex resumed>) = ? [pid 5185] +++ exited with 0 +++ [pid 5186] +++ exited with 0 +++ [pid 5184] <... futex resumed>) = ? [pid 5184] +++ exited with 0 +++ [pid 5183] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5183, si_uid=0, si_status=0, si_utime=0, si_stime=13 /* 0.13 s */} --- umount2("./48", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./48/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./48/binderfs") = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./48/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./48/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./48/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./48/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./48") = 0 mkdir("./49", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5187 ./strace-static-x86_64: Process 5187 attached [pid 5187] set_robust_list(0x5555562186a0, 24) = 0 [pid 5187] chdir("./49") = 0 [pid 5187] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5187] setpgid(0, 0) = 0 [pid 5187] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5187] write(3, "1000", 4) = 4 [pid 5187] close(3) = 0 [pid 5187] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5187] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5187] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5187] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5187] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5187] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5188]}, 88) = 5188 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5187] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5188 attached [pid 5188] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5188] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5188] memfd_create("syzkaller", 0) = 3 [pid 5188] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5188] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5188] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5188] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5188] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5188] close(3) = 0 [pid 5188] mkdir("./file0", 0777) = 0 [pid 5188] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5188] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5188] chdir("./file0") = 0 [pid 5188] ioctl(4, LOOP_CLR_FD) = 0 [pid 5188] close(4) = 0 [pid 5188] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5188] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5188] <... open resumed>) = 4 [pid 5188] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5187] <... futex resumed>) = 0 [pid 5187] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5188] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5187] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5188] <... futex resumed>) = 0 [pid 5187] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5188] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5187] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5188] <... mmap resumed>) = 0x20000000 [pid 5187] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5188] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5187] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5188] <... futex resumed>) = 0 [pid 5187] <... mprotect resumed>) = 0 [pid 5188] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5187] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5187] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5189]}, 88) = 5189 [pid 5187] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5187] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5187] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5189 attached [pid 5189] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5189] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5189] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5188] <... futex resumed>) = ? [pid 5188] +++ killed by SIGBUS +++ [pid 5187] <... futex resumed>) = ? [pid 5189] +++ killed by SIGBUS +++ [pid 5187] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5187, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./49", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 77.674286][ T5188] syz-executor183[5188]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.696999][ T5188] loop0: detected capacity change from 0 to 2048 [ 77.708909][ T5188] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./49", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./49/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./49/binderfs") = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./49/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./49/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./49/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./49/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./49") = 0 mkdir("./50", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5190 ./strace-static-x86_64: Process 5190 attached [pid 5190] set_robust_list(0x5555562186a0, 24) = 0 [pid 5190] chdir("./50") = 0 [pid 5190] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5190] setpgid(0, 0) = 0 [pid 5190] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5190] write(3, "1000", 4) = 4 [pid 5190] close(3) = 0 [pid 5190] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5190] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5190] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5190] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5190] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5191 attached => {parent_tid=[5191]}, 88) = 5191 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5190] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5190] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5191] <... rseq resumed>) = 0 [pid 5191] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5191] memfd_create("syzkaller", 0) = 3 [pid 5191] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5191] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5191] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5191] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5191] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5191] close(3) = 0 [pid 5191] mkdir("./file0", 0777) = 0 [pid 5191] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5191] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5191] chdir("./file0") = 0 [pid 5191] ioctl(4, LOOP_CLR_FD) = 0 [pid 5191] close(4) = 0 [pid 5191] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5190] <... futex resumed>) = 0 [pid 5191] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5191] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5190] <... futex resumed>) = 0 [pid 5191] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5190] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... open resumed>) = 4 [pid 5191] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5190] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5191] <... futex resumed>) = 1 [pid 5191] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5191] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5190] <... futex resumed>) = 0 [pid 5190] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5191] <... futex resumed>) = 1 [pid 5190] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5191] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5191] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5191] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5190] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5190] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5192]}, 88) = 5192 [pid 5190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5190] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5190] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5192 attached [pid 5192] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5192] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5192] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5191] <... futex resumed>) = ? [pid 5192] +++ killed by SIGBUS +++ [pid 5191] +++ killed by SIGBUS +++ [pid 5190] <... futex resumed>) = ? [pid 5190] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5190, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./50", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./50/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./50/binderfs") = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./50/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./50/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./50/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 77.797239][ T5191] syz-executor183[5191]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.822102][ T5191] loop0: detected capacity change from 0 to 2048 [ 77.834432][ T5191] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./50/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./50") = 0 mkdir("./51", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5193 attached , child_tidptr=0x555556218690) = 5193 [pid 5193] set_robust_list(0x5555562186a0, 24) = 0 [pid 5193] chdir("./51") = 0 [pid 5193] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5193] setpgid(0, 0) = 0 [pid 5193] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5193] write(3, "1000", 4) = 4 [pid 5193] close(3) = 0 [pid 5193] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5193] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5193] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5193] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5193] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5193] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5193] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5193] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5194 attached [pid 5194] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5193] <... clone3 resumed> => {parent_tid=[5194]}, 88) = 5194 [pid 5194] <... rseq resumed>) = 0 [pid 5193] rt_sigprocmask(SIG_SETMASK, [], [pid 5194] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5193] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] rt_sigprocmask(SIG_SETMASK, [], [pid 5193] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5194] memfd_create("syzkaller", 0 [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5194] <... memfd_create resumed>) = 3 [pid 5194] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5194] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5194] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5194] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5194] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5194] close(3) = 0 [pid 5194] mkdir("./file0", 0777) = 0 [pid 5194] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5194] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5194] chdir("./file0") = 0 [pid 5194] ioctl(4, LOOP_CLR_FD) = 0 [pid 5194] close(4) = 0 [pid 5194] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5194] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5193] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... open resumed>) = 4 [pid 5194] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5194] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5193] <... futex resumed>) = 0 [pid 5193] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5193] <... futex resumed>) = 1 [pid 5194] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5193] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5194] <... open resumed>) = 5 [pid 5194] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5193] <... futex resumed>) = 0 [pid 5194] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5193] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... mmap resumed>) = 0x20000000 [pid 5193] <... futex resumed>) = 0 [pid 5194] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5193] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5194] <... futex resumed>) = 0 [pid 5194] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5193] <... futex resumed>) = 0 [pid 5194] +++ killed by SIGBUS +++ [pid 5193] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5193, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./51", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./51/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 77.917731][ T5194] syz-executor183[5194]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 77.940595][ T5194] loop0: detected capacity change from 0 to 2048 [ 77.952550][ T5194] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./51/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./51/binderfs") = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./51/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./51/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./51/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./51/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./51") = 0 mkdir("./52", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5195 attached , child_tidptr=0x555556218690) = 5195 [pid 5195] set_robust_list(0x5555562186a0, 24) = 0 [pid 5195] chdir("./52") = 0 [pid 5195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5195] setpgid(0, 0) = 0 [pid 5195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5195] write(3, "1000", 4) = 4 [pid 5195] close(3) = 0 [pid 5195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5195] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5195] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5196 attached => {parent_tid=[5196]}, 88) = 5196 [pid 5196] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5196] set_robust_list(0x7f3dc90769a0, 24 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], [pid 5196] <... set_robust_list resumed>) = 0 [pid 5195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5196] rt_sigprocmask(SIG_SETMASK, [], [pid 5195] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5195] <... futex resumed>) = 0 [pid 5196] memfd_create("syzkaller", 0 [pid 5195] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5196] <... memfd_create resumed>) = 3 [pid 5196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5196] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5196] close(3) = 0 [pid 5196] mkdir("./file0", 0777) = 0 [pid 5196] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5196] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5196] chdir("./file0") = 0 [pid 5196] ioctl(4, LOOP_CLR_FD) = 0 [pid 5196] close(4) = 0 [pid 5196] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5196] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5195] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... open resumed>) = 4 [pid 5196] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5196] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... futex resumed>) = 0 [pid 5195] <... futex resumed>) = 1 [pid 5196] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5195] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5196] <... open resumed>) = 5 [pid 5196] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5195] <... futex resumed>) = 0 [pid 5196] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5195] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5196] <... mmap resumed>) = 0x20000000 [pid 5195] <... futex resumed>) = 0 [pid 5195] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5195] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5195] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5196] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5195] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5196] <... futex resumed>) = 0 [pid 5195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5197 attached [pid 5196] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5197] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5195] <... clone3 resumed> => {parent_tid=[5197]}, 88) = 5197 [pid 5197] set_robust_list(0x7f3dc0d559a0, 24 [pid 5195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5195] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5195] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5197] <... set_robust_list resumed>) = 0 [pid 5197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5197] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5195] <... futex resumed>) = ? [pid 5196] <... futex resumed>) = ? [pid 5196] +++ killed by SIGBUS +++ [pid 5197] +++ killed by SIGBUS +++ [pid 5195] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5195, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./52", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./52/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 78.048782][ T5196] syz-executor183[5196]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 78.072390][ T5196] loop0: detected capacity change from 0 to 2048 [ 78.084425][ T5196] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./52/binderfs") = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./52/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./52/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./52/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./52/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./52") = 0 mkdir("./53", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5198 ./strace-static-x86_64: Process 5198 attached [pid 5198] set_robust_list(0x5555562186a0, 24) = 0 [pid 5198] chdir("./53") = 0 [pid 5198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5198] setpgid(0, 0) = 0 [pid 5198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5198] write(3, "1000", 4) = 4 [pid 5198] close(3) = 0 [pid 5198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5198] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5198] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5199 attached [pid 5199] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5198] <... clone3 resumed> => {parent_tid=[5199]}, 88) = 5199 [pid 5199] <... rseq resumed>) = 0 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], [pid 5199] set_robust_list(0x7f3dc90769a0, 24 [pid 5198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5199] <... set_robust_list resumed>) = 0 [pid 5198] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5199] rt_sigprocmask(SIG_SETMASK, [], [pid 5198] <... futex resumed>) = 0 [pid 5199] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5198] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5199] memfd_create("syzkaller", 0) = 3 [pid 5199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5199] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5199] close(3) = 0 [pid 5199] mkdir("./file0", 0777) = 0 [pid 5199] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5199] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5199] chdir("./file0") = 0 [pid 5199] ioctl(4, LOOP_CLR_FD) = 0 [pid 5199] close(4) = 0 [pid 5199] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5199] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5199] <... futex resumed>) = 0 [pid 5199] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5198] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5199] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5198] <... futex resumed>) = 0 [pid 5198] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5199] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5198] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5199] <... mmap resumed>) = 0x20000000 [pid 5198] <... mprotect resumed>) = 0 [pid 5199] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5199] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5200]}, 88) = 5200 [pid 5198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5198] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5200 attached ) = 0 [pid 5200] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5198] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5200] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5200] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5200] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5199] <... futex resumed>) = ? [pid 5198] <... futex resumed>) = ? [pid 5199] +++ killed by SIGBUS +++ [pid 5200] +++ killed by SIGBUS +++ [pid 5198] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5198, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./53", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./53/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./53/binderfs") = 0 [ 78.197178][ T5199] loop0: detected capacity change from 0 to 2048 [ 78.209610][ T5199] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./53/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./53/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./53/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./53/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./53") = 0 mkdir("./54", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5201 ./strace-static-x86_64: Process 5201 attached [pid 5201] set_robust_list(0x5555562186a0, 24) = 0 [pid 5201] chdir("./54") = 0 [pid 5201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5201] setpgid(0, 0) = 0 [pid 5201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5201] write(3, "1000", 4) = 4 [pid 5201] close(3) = 0 [pid 5201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5201] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5201] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5202 attached [pid 5202] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5201] <... clone3 resumed> => {parent_tid=[5202]}, 88) = 5202 [pid 5202] <... rseq resumed>) = 0 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] rt_sigprocmask(SIG_SETMASK, [], [pid 5201] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5202] memfd_create("syzkaller", 0 [pid 5201] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5202] <... memfd_create resumed>) = 3 [pid 5202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5202] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5202] close(3) = 0 [pid 5202] mkdir("./file0", 0777) = 0 [pid 5202] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5202] chdir("./file0") = 0 [pid 5202] ioctl(4, LOOP_CLR_FD) = 0 [pid 5202] close(4) = 0 [pid 5202] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5202] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] <... futex resumed>) = 0 [pid 5201] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = 0 [pid 5201] <... futex resumed>) = 1 [pid 5202] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5201] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 4 [pid 5202] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5201] <... futex resumed>) = 0 [pid 5202] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5201] <... futex resumed>) = 0 [pid 5202] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5201] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5202] <... open resumed>) = 5 [pid 5202] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] <... futex resumed>) = 0 [pid 5202] <... futex resumed>) = 1 [pid 5201] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5202] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5201] <... futex resumed>) = 0 [pid 5202] <... mmap resumed>) = 0x20000000 [pid 5201] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5201] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5203 attached [pid 5203] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5201] <... clone3 resumed> => {parent_tid=[5203]}, 88) = 5203 [pid 5202] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5201] rt_sigprocmask(SIG_SETMASK, [], [pid 5202] <... futex resumed>) = 0 [pid 5201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5202] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5201] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5203] <... rseq resumed>) = 0 [pid 5201] <... futex resumed>) = 0 [pid 5203] set_robust_list(0x7f3dc0d559a0, 24 [pid 5201] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5203] <... set_robust_list resumed>) = 0 [pid 5203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5203] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5202] <... futex resumed>) = ? [pid 5201] <... futex resumed>) = ? [pid 5203] +++ killed by SIGBUS +++ [pid 5202] +++ killed by SIGBUS +++ [pid 5201] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5201, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./54", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./54/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./54/binderfs") = 0 [ 78.339590][ T5202] loop0: detected capacity change from 0 to 2048 [ 78.351619][ T5202] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./54/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./54/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./54/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./54/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./54") = 0 mkdir("./55", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5204 ./strace-static-x86_64: Process 5204 attached [pid 5204] set_robust_list(0x5555562186a0, 24) = 0 [pid 5204] chdir("./55") = 0 [pid 5204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5204] setpgid(0, 0) = 0 [pid 5204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5204] write(3, "1000", 4) = 4 [pid 5204] close(3) = 0 [pid 5204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5204] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5204] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5205]}, 88) = 5205 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5204] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5205 attached [pid 5205] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5205] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5205] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5205] memfd_create("syzkaller", 0) = 3 [pid 5205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5205] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5205] close(3) = 0 [pid 5205] mkdir("./file0", 0777) = 0 [pid 5205] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5205] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5205] chdir("./file0") = 0 [pid 5205] ioctl(4, LOOP_CLR_FD) = 0 [pid 5205] close(4) = 0 [pid 5205] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5204] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... open resumed>) = 4 [pid 5205] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5204] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5204] <... futex resumed>) = 0 [pid 5205] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5204] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... open resumed>) = 5 [pid 5205] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5204] <... futex resumed>) = 0 [pid 5205] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5204] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5205] <... mmap resumed>) = 0x20000000 [pid 5204] <... futex resumed>) = 0 [pid 5204] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5204] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5205] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5204] <... mprotect resumed>) = 0 [pid 5204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5205] <... futex resumed>) = 0 [pid 5204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5205] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5206 attached [pid 5206] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5204] <... clone3 resumed> => {parent_tid=[5206]}, 88) = 5206 [pid 5206] <... rseq resumed>) = 0 [pid 5204] rt_sigprocmask(SIG_SETMASK, [], [pid 5206] set_robust_list(0x7f3dc0d559a0, 24 [pid 5204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5206] <... set_robust_list resumed>) = 0 [pid 5206] rt_sigprocmask(SIG_SETMASK, [], [pid 5204] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5206] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5204] <... futex resumed>) = 0 [pid 5206] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5204] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5205] <... futex resumed>) = ? [pid 5204] <... futex resumed>) = ? [pid 5205] +++ killed by SIGBUS +++ [pid 5206] +++ killed by SIGBUS +++ [pid 5204] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5204, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./55", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./55", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./55/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./55/binderfs") = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./55/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./55/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 78.451996][ T5205] loop0: detected capacity change from 0 to 2048 [ 78.465263][ T5205] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./55/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./55/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./55") = 0 mkdir("./56", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5207 attached , child_tidptr=0x555556218690) = 5207 [pid 5207] set_robust_list(0x5555562186a0, 24) = 0 [pid 5207] chdir("./56") = 0 [pid 5207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5207] setpgid(0, 0) = 0 [pid 5207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5207] write(3, "1000", 4) = 4 [pid 5207] close(3) = 0 [pid 5207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5207] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5207] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5208]}, 88) = 5208 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5208 attached [pid 5208] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5208] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5208] memfd_create("syzkaller", 0) = 3 [pid 5208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5208] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5208] close(3) = 0 [pid 5208] mkdir("./file0", 0777) = 0 [pid 5208] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5208] chdir("./file0") = 0 [pid 5208] ioctl(4, LOOP_CLR_FD) = 0 [pid 5208] close(4) = 0 [pid 5208] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5207] <... futex resumed>) = 1 [pid 5207] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... open resumed>) = 4 [pid 5208] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5208] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] <... futex resumed>) = 0 [pid 5207] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = 0 [pid 5208] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5207] <... futex resumed>) = 1 [pid 5208] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5208] <... futex resumed>) = 0 [pid 5207] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5208] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5207] <... futex resumed>) = 0 [pid 5208] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5207] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5208] <... mmap resumed>) = 0x20000000 [pid 5207] <... futex resumed>) = 0 [pid 5208] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5208] <... futex resumed>) = 0 [pid 5207] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5207] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5208] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5209 attached => {parent_tid=[5209]}, 88) = 5209 [pid 5207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5207] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5207] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5209] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5209] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5209] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5209] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5208] <... futex resumed>) = ? [pid 5209] +++ killed by SIGBUS +++ [pid 5208] +++ killed by SIGBUS +++ [pid 5207] <... futex resumed>) = ? [pid 5207] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5207, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./56", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./56/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./56/binderfs") = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./56/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./56/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./56/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 78.570570][ T5208] loop0: detected capacity change from 0 to 2048 [ 78.583998][ T5208] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./56/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./56") = 0 mkdir("./57", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5210 ./strace-static-x86_64: Process 5210 attached [pid 5210] set_robust_list(0x5555562186a0, 24) = 0 [pid 5210] chdir("./57") = 0 [pid 5210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5210] setpgid(0, 0) = 0 [pid 5210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5210] write(3, "1000", 4) = 4 [pid 5210] close(3) = 0 [pid 5210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5210] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5210] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5210] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5211 attached [pid 5211] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5210] <... clone3 resumed> => {parent_tid=[5211]}, 88) = 5211 [pid 5211] <... rseq resumed>) = 0 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5211] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5211] rt_sigprocmask(SIG_SETMASK, [], [pid 5210] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5210] <... futex resumed>) = 0 [pid 5211] memfd_create("syzkaller", 0 [pid 5210] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5211] <... memfd_create resumed>) = 3 [pid 5211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5211] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5211] close(3) = 0 [pid 5211] mkdir("./file0", 0777) = 0 [pid 5211] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5211] chdir("./file0") = 0 [pid 5211] ioctl(4, LOOP_CLR_FD) = 0 [pid 5211] close(4) = 0 [pid 5211] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5211] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] <... futex resumed>) = 0 [pid 5211] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5210] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... open resumed>) = 4 [pid 5211] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5210] <... futex resumed>) = 0 [pid 5211] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5211] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5210] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... open resumed>) = 5 [pid 5211] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5210] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5211] <... futex resumed>) = 0 [pid 5211] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5211] <... futex resumed>) = 0 [pid 5210] <... futex resumed>) = 1 [pid 5210] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5211] <... mmap resumed>) = 0x20000000 [pid 5211] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5211] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5210] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [ 78.683418][ T5211] loop0: detected capacity change from 0 to 2048 [ 78.699437][ T5211] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5212 attached [pid 5212] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5210] <... clone3 resumed> => {parent_tid=[5212]}, 88) = 5212 [pid 5212] <... rseq resumed>) = 0 [pid 5212] set_robust_list(0x7f3dc0d559a0, 24 [pid 5210] rt_sigprocmask(SIG_SETMASK, [], [pid 5212] <... set_robust_list resumed>) = 0 [pid 5210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5212] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5210] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5212] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5210] <... futex resumed>) = 0 [pid 5212] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5210] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5211] <... futex resumed>) = ? [pid 5212] +++ killed by SIGBUS +++ [pid 5211] +++ killed by SIGBUS +++ [pid 5210] <... futex resumed>) = ? [pid 5210] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5210, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./57", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./57/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./57/binderfs") = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./57/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./57/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./57/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./57/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./57") = 0 mkdir("./58", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5213 attached , child_tidptr=0x555556218690) = 5213 [pid 5213] set_robust_list(0x5555562186a0, 24) = 0 [pid 5213] chdir("./58") = 0 [pid 5213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5213] setpgid(0, 0) = 0 [pid 5213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5213] write(3, "1000", 4) = 4 [pid 5213] close(3) = 0 [pid 5213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5213] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5213] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5213] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5214 attached [pid 5214] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5213] <... clone3 resumed> => {parent_tid=[5214]}, 88) = 5214 [pid 5214] <... rseq resumed>) = 0 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], [pid 5214] set_robust_list(0x7f3dc90769a0, 24 [pid 5213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5214] <... set_robust_list resumed>) = 0 [pid 5213] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] <... futex resumed>) = 0 [pid 5214] memfd_create("syzkaller", 0 [pid 5213] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5214] <... memfd_create resumed>) = 3 [pid 5214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5214] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5214] close(3) = 0 [pid 5214] mkdir("./file0", 0777) = 0 [pid 5214] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5214] chdir("./file0") = 0 [pid 5214] ioctl(4, LOOP_CLR_FD) = 0 [pid 5214] close(4) = 0 [pid 5214] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5213] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... futex resumed>) = 0 [pid 5214] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5214] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5214] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5214] <... futex resumed>) = 0 [pid 5213] <... futex resumed>) = 1 [pid 5214] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5213] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5214] <... open resumed>) = 5 [pid 5214] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5213] <... futex resumed>) = 0 [pid 5213] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5214] <... futex resumed>) = 1 [pid 5214] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5213] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5214] <... mmap resumed>) = 0x20000000 [pid 5213] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5215 attached [pid 5214] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5214] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5213] <... clone3 resumed> => {parent_tid=[5215]}, 88) = 5215 [pid 5213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5213] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5213] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5215] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5215] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5215] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5213] <... futex resumed>) = ? [pid 5214] <... futex resumed>) = ? [pid 5215] +++ killed by SIGBUS +++ [pid 5214] +++ killed by SIGBUS +++ [pid 5213] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5213, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./58", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./58/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./58/binderfs") = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./58/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./58/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./58/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./58/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 [ 78.804007][ T5214] loop0: detected capacity change from 0 to 2048 [ 78.816774][ T5214] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 rmdir("./58") = 0 mkdir("./59", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5216 attached , child_tidptr=0x555556218690) = 5216 [pid 5216] set_robust_list(0x5555562186a0, 24) = 0 [pid 5216] chdir("./59") = 0 [pid 5216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5216] setpgid(0, 0) = 0 [pid 5216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5216] write(3, "1000", 4) = 4 [pid 5216] close(3) = 0 [pid 5216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5216] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5216] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5217]}, 88) = 5217 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5216] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5217 attached [pid 5217] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5217] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5216] <... futex resumed>) = 0 [pid 5217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5216] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5217] memfd_create("syzkaller", 0) = 3 [pid 5217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5217] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5217] close(3) = 0 [pid 5217] mkdir("./file0", 0777) = 0 [pid 5217] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5217] chdir("./file0") = 0 [pid 5217] ioctl(4, LOOP_CLR_FD) = 0 [pid 5217] close(4) = 0 [pid 5217] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5216] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] <... open resumed>) = 4 [pid 5217] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... futex resumed>) = 0 [pid 5216] <... futex resumed>) = 1 [pid 5216] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5217] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5217] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5216] <... futex resumed>) = 0 [pid 5217] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5216] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] <... mmap resumed>) = 0x20000000 [pid 5216] <... futex resumed>) = 0 [pid 5216] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5217] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5217] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5216] <... futex resumed>) = 0 [pid 5216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5216] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5218 attached => {parent_tid=[5218]}, 88) = 5218 [pid 5216] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5216] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5216] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5218] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5218] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5218] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5218] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5217] <... futex resumed>) = ? [pid 5216] <... futex resumed>) = ? [pid 5217] +++ killed by SIGBUS +++ [pid 5218] +++ killed by SIGBUS +++ [pid 5216] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5216, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./59", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 [ 78.927593][ T5217] loop0: detected capacity change from 0 to 2048 [ 78.939249][ T5217] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./59/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./59/binderfs") = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./59/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./59/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./59/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./59/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./59") = 0 mkdir("./60", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5219 attached [pid 5219] set_robust_list(0x5555562186a0, 24) = 0 [pid 5219] chdir("./60") = 0 [pid 5219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5219] setpgid(0, 0) = 0 [pid 5219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5219] write(3, "1000", 4) = 4 [pid 5219] close(3) = 0 [pid 5219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5219] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5219 [pid 5219] <... mmap resumed>) = 0x7f3dc9056000 [pid 5219] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5220 attached => {parent_tid=[5220]}, 88) = 5220 [pid 5220] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], [pid 5220] set_robust_list(0x7f3dc90769a0, 24 [pid 5219] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5220] <... set_robust_list resumed>) = 0 [pid 5219] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] rt_sigprocmask(SIG_SETMASK, [], [pid 5219] <... futex resumed>) = 0 [pid 5220] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5219] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5220] memfd_create("syzkaller", 0) = 3 [pid 5220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5220] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5220] close(3) = 0 [pid 5220] mkdir("./file0", 0777) = 0 [pid 5220] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5220] chdir("./file0") = 0 [pid 5220] ioctl(4, LOOP_CLR_FD) = 0 [pid 5220] close(4) = 0 [pid 5220] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5219] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5220] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5220] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5219] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5220] <... futex resumed>) = 0 [pid 5220] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5220] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5219] <... futex resumed>) = 0 [pid 5219] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] <... futex resumed>) = 1 [pid 5219] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5220] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5219] <... futex resumed>) = 0 [pid 5220] <... mmap resumed>) = 0x20000000 [pid 5219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5219] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5220] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5220] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5221]}, 88) = 5221 [pid 5219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5219] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5219] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5221 attached [pid 5221] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5221] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5221] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5220] <... futex resumed>) = ? [pid 5221] +++ killed by SIGBUS +++ [pid 5220] +++ killed by SIGBUS +++ [pid 5219] <... futex resumed>) = ? [pid 5219] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5219, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./60", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./60/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./60/binderfs") = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./60/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./60/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./60/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./60/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./60") = 0 mkdir("./61", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5222 ./strace-static-x86_64: Process 5222 attached [ 79.052764][ T5220] loop0: detected capacity change from 0 to 2048 [ 79.064982][ T5220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5222] set_robust_list(0x5555562186a0, 24) = 0 [pid 5222] chdir("./61") = 0 [pid 5222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5222] setpgid(0, 0) = 0 [pid 5222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5222] write(3, "1000", 4) = 4 [pid 5222] close(3) = 0 [pid 5222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5222] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5222] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5223]}, 88) = 5223 [pid 5222] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5223 attached [pid 5223] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5223] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5223] memfd_create("syzkaller", 0) = 3 [pid 5223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5223] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5223] close(3) = 0 [pid 5223] mkdir("./file0", 0777) = 0 [pid 5223] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5223] chdir("./file0") = 0 [pid 5223] ioctl(4, LOOP_CLR_FD) = 0 [pid 5223] close(4) = 0 [pid 5223] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = 1 [pid 5223] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5222] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] <... open resumed>) = 4 [pid 5223] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5223] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] <... futex resumed>) = 0 [pid 5222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = 0 [pid 5222] <... futex resumed>) = 1 [pid 5223] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5222] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5223] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5222] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5223] <... futex resumed>) = 0 [pid 5223] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... mmap resumed>) = 0x20000000 [pid 5223] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5222] <... futex resumed>) = 0 [pid 5223] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5223] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5222] <... futex resumed>) = 0 [pid 5223] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5222] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5223] +++ killed by SIGBUS +++ [pid 5222] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5222, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./61", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./61/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./61/binderfs") = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./61/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./61/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./61/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./61/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 79.157845][ T5223] loop0: detected capacity change from 0 to 2048 [ 79.170577][ T5223] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./61") = 0 mkdir("./62", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5224 attached , child_tidptr=0x555556218690) = 5224 [pid 5224] set_robust_list(0x5555562186a0, 24) = 0 [pid 5224] chdir("./62") = 0 [pid 5224] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5224] setpgid(0, 0) = 0 [pid 5224] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5224] write(3, "1000", 4) = 4 [pid 5224] close(3) = 0 [pid 5224] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5224] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5224] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5224] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5225 attached => {parent_tid=[5225]}, 88) = 5225 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], [pid 5225] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5224] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5225] <... rseq resumed>) = 0 [pid 5225] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5225] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5225] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 0 [pid 5224] <... futex resumed>) = 1 [pid 5225] memfd_create("syzkaller", 0 [pid 5224] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5225] <... memfd_create resumed>) = 3 [pid 5225] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5225] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5225] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5225] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5225] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5225] close(3) = 0 [pid 5225] mkdir("./file0", 0777) = 0 [pid 5225] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5225] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5225] chdir("./file0") = 0 [pid 5225] ioctl(4, LOOP_CLR_FD) = 0 [pid 5225] close(4) = 0 [pid 5225] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 0 [pid 5225] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5225] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5225] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5224] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5225] <... futex resumed>) = 0 [pid 5225] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5225] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5224] <... futex resumed>) = 0 [pid 5224] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5225] <... futex resumed>) = 1 [pid 5224] <... futex resumed>) = 0 [pid 5225] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5224] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] <... mmap resumed>) = 0x20000000 [pid 5224] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5224] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5225] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5225] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5224] <... mprotect resumed>) = 0 [pid 5224] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5224] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5226 attached => {parent_tid=[5226]}, 88) = 5226 [pid 5224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5224] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5224] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5226] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5226] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5226] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5224] <... futex resumed>) = ? [pid 5226] +++ killed by SIGBUS +++ [pid 5225] <... futex resumed>) = ? [pid 5225] +++ killed by SIGBUS +++ [pid 5224] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5224, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./62", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./62/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./62/binderfs") = 0 [ 79.279055][ T5225] loop0: detected capacity change from 0 to 2048 [ 79.290643][ T5225] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./62/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./62/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./62/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./62/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./62") = 0 mkdir("./63", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5227 ./strace-static-x86_64: Process 5227 attached [pid 5227] set_robust_list(0x5555562186a0, 24) = 0 [pid 5227] chdir("./63") = 0 [pid 5227] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5227] setpgid(0, 0) = 0 [pid 5227] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5227] write(3, "1000", 4) = 4 [pid 5227] close(3) = 0 [pid 5227] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5227] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5227] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5227] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5228 attached => {parent_tid=[5228]}, 88) = 5228 [pid 5228] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5228] <... rseq resumed>) = 0 [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5228] set_robust_list(0x7f3dc90769a0, 24 [pid 5227] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... set_robust_list resumed>) = 0 [pid 5228] rt_sigprocmask(SIG_SETMASK, [], [pid 5227] <... futex resumed>) = 0 [pid 5228] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5227] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5228] memfd_create("syzkaller", 0) = 3 [pid 5228] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5228] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5228] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5228] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5228] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5228] close(3) = 0 [pid 5228] mkdir("./file0", 0777) = 0 [pid 5228] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5228] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5228] chdir("./file0") = 0 [pid 5228] ioctl(4, LOOP_CLR_FD) = 0 [pid 5228] close(4) = 0 [pid 5228] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5228] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 1 [pid 5228] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5228] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5227] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... futex resumed>) = 0 [pid 5228] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5227] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... futex resumed>) = 0 [pid 5227] <... futex resumed>) = 1 [pid 5228] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5227] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5228] <... open resumed>) = 5 [pid 5228] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5227] <... futex resumed>) = 0 [pid 5228] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5227] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5228] <... mmap resumed>) = 0x20000000 [pid 5227] <... futex resumed>) = 0 [pid 5227] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5227] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5228] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5228] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5227] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5227] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5229 attached => {parent_tid=[5229]}, 88) = 5229 [pid 5229] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5227] rt_sigprocmask(SIG_SETMASK, [], [pid 5229] set_robust_list(0x7f3dc0d559a0, 24 [pid 5227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5227] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5227] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5229] <... set_robust_list resumed>) = 0 [pid 5229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5229] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5228] <... futex resumed>) = ? [pid 5228] +++ killed by SIGBUS +++ [pid 5227] <... futex resumed>) = ? [pid 5229] +++ killed by SIGBUS +++ [pid 5227] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5227, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./63", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./63/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./63/binderfs") = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./63/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./63/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./63/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./63/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./63") = 0 mkdir("./64", 0777) = 0 [ 79.397171][ T5228] loop0: detected capacity change from 0 to 2048 [ 79.408698][ T5228] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5230 ./strace-static-x86_64: Process 5230 attached [pid 5230] set_robust_list(0x5555562186a0, 24) = 0 [pid 5230] chdir("./64") = 0 [pid 5230] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5230] setpgid(0, 0) = 0 [pid 5230] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5230] write(3, "1000", 4) = 4 [pid 5230] close(3) = 0 [pid 5230] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5230] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5230] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5230] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5231]}, 88) = 5231 [pid 5230] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5230] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5231 attached [pid 5231] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5231] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5231] memfd_create("syzkaller", 0) = 3 [pid 5231] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5231] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5231] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5231] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5231] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5231] close(3) = 0 [pid 5231] mkdir("./file0", 0777) = 0 [pid 5231] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5231] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5231] chdir("./file0") = 0 [pid 5231] ioctl(4, LOOP_CLR_FD) = 0 [pid 5231] close(4) = 0 [pid 5231] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5231] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] <... open resumed>) = 4 [pid 5231] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5231] <... futex resumed>) = 0 [pid 5231] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5230] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5231] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5230] <... futex resumed>) = 0 [pid 5230] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5230] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5231] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5231] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5230] <... mprotect resumed>) = 0 [pid 5231] <... futex resumed>) = 0 [pid 5231] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5230] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5230] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5232]}, 88) = 5232 ./strace-static-x86_64: Process 5232 attached [pid 5230] rt_sigprocmask(SIG_SETMASK, [], [pid 5232] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5232] <... rseq resumed>) = 0 [pid 5230] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5232] set_robust_list(0x7f3dc0d559a0, 24 [pid 5230] <... futex resumed>) = 0 [pid 5232] <... set_robust_list resumed>) = 0 [pid 5230] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5232] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5230] <... futex resumed>) = ? [pid 5231] <... futex resumed>) = ? [pid 5232] +++ killed by SIGBUS +++ [pid 5231] +++ killed by SIGBUS +++ [pid 5230] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5230, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./64", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./64/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./64/binderfs") = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./64/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./64/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./64/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./64/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 79.502187][ T5231] loop0: detected capacity change from 0 to 2048 [ 79.518751][ T5231] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./64") = 0 mkdir("./65", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5233 attached , child_tidptr=0x555556218690) = 5233 [pid 5233] set_robust_list(0x5555562186a0, 24) = 0 [pid 5233] chdir("./65") = 0 [pid 5233] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5233] setpgid(0, 0) = 0 [pid 5233] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5233] write(3, "1000", 4) = 4 [pid 5233] close(3) = 0 [pid 5233] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5233] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5233] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5233] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5234 attached => {parent_tid=[5234]}, 88) = 5234 [pid 5234] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], [pid 5234] <... rseq resumed>) = 0 [pid 5233] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] set_robust_list(0x7f3dc90769a0, 24 [pid 5233] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... set_robust_list resumed>) = 0 [pid 5233] <... futex resumed>) = 0 [pid 5234] rt_sigprocmask(SIG_SETMASK, [], [pid 5233] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5234] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5234] memfd_create("syzkaller", 0) = 3 [pid 5234] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5234] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5234] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5234] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5234] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5234] close(3) = 0 [pid 5234] mkdir("./file0", 0777) = 0 [pid 5234] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5234] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5234] chdir("./file0") = 0 [pid 5234] ioctl(4, LOOP_CLR_FD) = 0 [pid 5234] close(4) = 0 [pid 5234] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5234] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = 1 [pid 5234] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5233] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... open resumed>) = 4 [pid 5234] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5233] <... futex resumed>) = 0 [pid 5234] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5233] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... open resumed>) = 5 [pid 5233] <... futex resumed>) = 0 [pid 5234] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5234] <... futex resumed>) = 0 [pid 5233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5234] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5233] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5234] <... mmap resumed>) = 0x20000000 [pid 5233] <... futex resumed>) = 0 [pid 5233] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5233] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5234] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5233] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5234] <... futex resumed>) = 0 [pid 5233] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5234] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5233] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5235 attached => {parent_tid=[5235]}, 88) = 5235 [pid 5233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5233] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5233] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5235] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5235] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5235] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5234] <... futex resumed>) = ? [pid 5233] <... futex resumed>) = ? [pid 5234] +++ killed by SIGBUS +++ [pid 5235] +++ killed by SIGBUS +++ [pid 5233] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5233, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./65", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./65/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./65/binderfs") = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./65/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./65/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./65/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./65/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./65") = 0 mkdir("./66", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5236 ./strace-static-x86_64: Process 5236 attached [pid 5236] set_robust_list(0x5555562186a0, 24) = 0 [ 79.612087][ T5234] loop0: detected capacity change from 0 to 2048 [ 79.624607][ T5234] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5236] chdir("./66") = 0 [pid 5236] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5236] setpgid(0, 0) = 0 [pid 5236] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5236] write(3, "1000", 4) = 4 [pid 5236] close(3) = 0 [pid 5236] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5236] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5236] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5236] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5236] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5236] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5236] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5237]}, 88) = 5237 [pid 5236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5236] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5237 attached [pid 5237] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5236] <... futex resumed>) = 0 [pid 5236] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5237] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5237] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5237] memfd_create("syzkaller", 0) = 3 [pid 5237] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5237] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5237] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5237] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5237] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5237] close(3) = 0 [pid 5237] mkdir("./file0", 0777) = 0 [pid 5237] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5237] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5237] chdir("./file0") = 0 [pid 5237] ioctl(4, LOOP_CLR_FD) = 0 [pid 5237] close(4) = 0 [pid 5237] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5236] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5236] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... open resumed>) = 4 [pid 5237] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5236] <... futex resumed>) = 0 [pid 5237] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5236] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 1 [pid 5237] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5236] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5237] <... open resumed>) = 5 [pid 5237] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5237] <... futex resumed>) = 0 [pid 5236] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5237] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5236] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5237] <... futex resumed>) = 0 [pid 5236] <... futex resumed>) = 0 [pid 5237] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5237] +++ killed by SIGBUS +++ [pid 5236] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5236, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./66", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./66/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./66/binderfs") = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./66/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./66/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./66/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./66/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 79.707702][ T5237] loop0: detected capacity change from 0 to 2048 [ 79.729544][ T5237] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./66") = 0 mkdir("./67", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5238 attached , child_tidptr=0x555556218690) = 5238 [pid 5238] set_robust_list(0x5555562186a0, 24) = 0 [pid 5238] chdir("./67") = 0 [pid 5238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5238] setpgid(0, 0) = 0 [pid 5238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5238] write(3, "1000", 4) = 4 [pid 5238] close(3) = 0 [pid 5238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5238] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5238] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5238] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5239 attached => {parent_tid=[5239]}, 88) = 5239 [pid 5239] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5239] <... rseq resumed>) = 0 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5239] set_robust_list(0x7f3dc90769a0, 24 [pid 5238] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... set_robust_list resumed>) = 0 [pid 5239] rt_sigprocmask(SIG_SETMASK, [], [pid 5238] <... futex resumed>) = 0 [pid 5239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5238] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5239] memfd_create("syzkaller", 0) = 3 [pid 5239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5239] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5239] close(3) = 0 [pid 5239] mkdir("./file0", 0777) = 0 [pid 5239] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5239] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5239] chdir("./file0") = 0 [pid 5239] ioctl(4, LOOP_CLR_FD) = 0 [pid 5239] close(4) = 0 [pid 5239] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5239] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] <... futex resumed>) = 0 [pid 5238] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5239] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5238] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... open resumed>) = 4 [pid 5239] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5239] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5239] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5238] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5239] <... open resumed>) = 5 [pid 5239] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5238] <... futex resumed>) = 0 [pid 5239] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5239] <... futex resumed>) = 0 [pid 5238] <... futex resumed>) = 1 [pid 5239] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5238] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5239] <... mmap resumed>) = 0x20000000 [pid 5238] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5239] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5239] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5238] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5240 attached => {parent_tid=[5240]}, 88) = 5240 [pid 5240] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5238] rt_sigprocmask(SIG_SETMASK, [], [pid 5240] <... rseq resumed>) = 0 [pid 5238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5240] set_robust_list(0x7f3dc0d559a0, 24 [pid 5238] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5240] <... set_robust_list resumed>) = 0 [pid 5238] <... futex resumed>) = 0 [pid 5240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5238] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5240] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5239] <... futex resumed>) = ? [pid 5238] <... futex resumed>) = ? [pid 5239] +++ killed by SIGBUS +++ [pid 5240] +++ killed by SIGBUS +++ [pid 5238] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5238, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./67", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./67/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./67/binderfs") = 0 [ 79.817730][ T5239] loop0: detected capacity change from 0 to 2048 [ 79.828580][ T5239] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./67/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./67/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./67/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./67/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./67") = 0 mkdir("./68", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5241 attached [pid 5241] set_robust_list(0x5555562186a0, 24) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5241 [pid 5241] chdir("./68") = 0 [pid 5241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5241] setpgid(0, 0) = 0 [pid 5241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5241] write(3, "1000", 4) = 4 [pid 5241] close(3) = 0 [pid 5241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5241] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5241] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5242 attached => {parent_tid=[5242]}, 88) = 5242 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5241] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5242] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5242] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5242] memfd_create("syzkaller", 0) = 3 [pid 5242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5242] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5242] close(3) = 0 [pid 5242] mkdir("./file0", 0777) = 0 [pid 5242] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5242] chdir("./file0") = 0 [pid 5242] ioctl(4, LOOP_CLR_FD) = 0 [pid 5242] close(4) = 0 [pid 5242] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5241] <... futex resumed>) = 0 [pid 5242] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5241] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] <... open resumed>) = 4 [pid 5242] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5241] <... futex resumed>) = 0 [pid 5242] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5241] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] <... open resumed>) = 5 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5242] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5241] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5241] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5242] <... futex resumed>) = 1 [pid 5241] <... mprotect resumed>) = 0 [pid 5242] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< {parent_tid=[5243]}, 88) = 5243 [pid 5241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5241] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5242] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5241] <... futex resumed>) = 0 [pid 5242] <... futex resumed>) = 0 [pid 5242] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5241] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5243 attached [pid 5243] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5243] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5243] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5243] +++ killed by SIGBUS +++ [pid 5242] <... futex resumed>) = ? [pid 5241] <... futex resumed>) = ? [pid 5242] +++ killed by SIGBUS +++ [pid 5241] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5241, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./68", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./68/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./68/binderfs") = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./68/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./68/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./68/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./68/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./68") = 0 mkdir("./69", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 79.922801][ T5242] loop0: detected capacity change from 0 to 2048 [ 79.935301][ T5242] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5244 attached , child_tidptr=0x555556218690) = 5244 [pid 5244] set_robust_list(0x5555562186a0, 24) = 0 [pid 5244] chdir("./69") = 0 [pid 5244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5244] setpgid(0, 0) = 0 [pid 5244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5244] write(3, "1000", 4) = 4 [pid 5244] close(3) = 0 [pid 5244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5244] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5244] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5245 attached => {parent_tid=[5245]}, 88) = 5245 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5244] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5244] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5245] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5245] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5245] memfd_create("syzkaller", 0) = 3 [pid 5245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5245] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5245] close(3) = 0 [pid 5245] mkdir("./file0", 0777) = 0 [pid 5245] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5245] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5245] chdir("./file0") = 0 [pid 5245] ioctl(4, LOOP_CLR_FD) = 0 [pid 5245] close(4) = 0 [pid 5245] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 0 [pid 5244] <... futex resumed>) = 1 [pid 5245] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5244] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] <... open resumed>) = 4 [pid 5245] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5245] <... futex resumed>) = 1 [pid 5244] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5245] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... futex resumed>) = 1 [pid 5244] <... futex resumed>) = 0 [pid 5245] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5244] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5245] <... mmap resumed>) = 0x20000000 [pid 5244] <... futex resumed>) = 0 [pid 5244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5244] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5245] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5245] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5246 attached => {parent_tid=[5246]}, 88) = 5246 [pid 5246] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5244] rt_sigprocmask(SIG_SETMASK, [], [pid 5246] <... rseq resumed>) = 0 [pid 5244] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5246] set_robust_list(0x7f3dc0d559a0, 24 [pid 5244] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5246] <... set_robust_list resumed>) = 0 [pid 5246] rt_sigprocmask(SIG_SETMASK, [], [pid 5244] <... futex resumed>) = 0 [pid 5246] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5244] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5246] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5245] <... futex resumed>) = ? [pid 5245] +++ killed by SIGBUS +++ [pid 5244] <... futex resumed>) = ? [pid 5246] +++ killed by SIGBUS +++ [pid 5244] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5244, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./69", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./69/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./69/binderfs") = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./69/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./69/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./69/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./69/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./69") = 0 mkdir("./70", 0777) = 0 [ 80.037409][ T5245] loop0: detected capacity change from 0 to 2048 [ 80.049490][ T5245] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5247 attached , child_tidptr=0x555556218690) = 5247 [pid 5247] set_robust_list(0x5555562186a0, 24) = 0 [pid 5247] chdir("./70") = 0 [pid 5247] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5247] setpgid(0, 0) = 0 [pid 5247] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5247] write(3, "1000", 4) = 4 [pid 5247] close(3) = 0 [pid 5247] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5247] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5247] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5247] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5247] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5248 attached [pid 5248] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5247] <... clone3 resumed> => {parent_tid=[5248]}, 88) = 5248 [pid 5248] <... rseq resumed>) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], [pid 5248] set_robust_list(0x7f3dc90769a0, 24 [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5248] <... set_robust_list resumed>) = 0 [pid 5247] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5248] memfd_create("syzkaller", 0) = 3 [pid 5248] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5248] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5248] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5248] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5248] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5248] close(3) = 0 [pid 5248] mkdir("./file0", 0777) = 0 [pid 5248] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5248] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5248] chdir("./file0") = 0 [pid 5248] ioctl(4, LOOP_CLR_FD) = 0 [pid 5248] close(4) = 0 [pid 5248] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5248] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5247] <... futex resumed>) = 0 [pid 5247] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... open resumed>) = 4 [pid 5248] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5247] <... futex resumed>) = 0 [pid 5248] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5247] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5248] <... open resumed>) = 5 [pid 5248] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5247] <... futex resumed>) = 0 [pid 5248] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... futex resumed>) = 0 [pid 5247] <... futex resumed>) = 1 [pid 5248] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5247] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5248] <... mmap resumed>) = 0x20000000 [pid 5248] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5247] <... futex resumed>) = 0 [pid 5248] <... futex resumed>) = 0 [pid 5247] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5248] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5247] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5247] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5247] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5247] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5249 attached => {parent_tid=[5249]}, 88) = 5249 [pid 5249] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5247] rt_sigprocmask(SIG_SETMASK, [], [pid 5249] set_robust_list(0x7f3dc0d559a0, 24 [pid 5247] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5249] <... set_robust_list resumed>) = 0 [pid 5247] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5249] rt_sigprocmask(SIG_SETMASK, [], [pid 5247] <... futex resumed>) = 0 [pid 5249] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5247] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5249] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5247] <... futex resumed>) = ? [pid 5248] <... futex resumed>) = ? [pid 5248] +++ killed by SIGBUS +++ [pid 5249] +++ killed by SIGBUS +++ [pid 5247] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5247, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./70", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./70/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./70/binderfs") = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./70/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./70/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./70/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./70/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./70") = 0 mkdir("./71", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5250 attached , child_tidptr=0x555556218690) = 5250 [pid 5250] set_robust_list(0x5555562186a0, 24) = 0 [pid 5250] chdir("./71") = 0 [pid 5250] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5250] setpgid(0, 0) = 0 [pid 5250] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5250] write(3, "1000", 4) = 4 [pid 5250] close(3) = 0 [pid 5250] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5250] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 80.127617][ T5248] loop0: detected capacity change from 0 to 2048 [ 80.141660][ T5248] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5250] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5250] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5250] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5251 attached [pid 5251] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5250] <... clone3 resumed> => {parent_tid=[5251]}, 88) = 5251 [pid 5251] <... rseq resumed>) = 0 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], [pid 5251] set_robust_list(0x7f3dc90769a0, 24 [pid 5250] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5251] <... set_robust_list resumed>) = 0 [pid 5250] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5250] <... futex resumed>) = 0 [pid 5251] memfd_create("syzkaller", 0 [pid 5250] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5251] <... memfd_create resumed>) = 3 [pid 5251] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5251] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5251] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5251] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5251] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5251] close(3) = 0 [pid 5251] mkdir("./file0", 0777) = 0 [pid 5251] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5251] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5251] chdir("./file0") = 0 [pid 5251] ioctl(4, LOOP_CLR_FD) = 0 [pid 5251] close(4) = 0 [pid 5251] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5250] <... futex resumed>) = 0 [pid 5251] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5250] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... open resumed>) = 4 [pid 5251] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5251] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] <... futex resumed>) = 1 [pid 5250] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5250] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5251] <... futex resumed>) = 0 [pid 5251] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5250] <... futex resumed>) = 1 [pid 5251] <... open resumed>) = 5 [pid 5250] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5251] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5250] <... futex resumed>) = 0 [pid 5250] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5250] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5251] <... futex resumed>) = 1 [pid 5251] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0x7f3dc0d35000 [pid 5250] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5251] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5251] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5250] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5250] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5252 attached => {parent_tid=[5252]}, 88) = 5252 [pid 5250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5250] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5252] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5250] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5252] <... rseq resumed>) = 0 [pid 5252] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5252] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5251] <... futex resumed>) = ? [pid 5250] <... futex resumed>) = ? [pid 5252] +++ killed by SIGBUS +++ [pid 5251] +++ killed by SIGBUS +++ [pid 5250] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5250, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./71", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./71/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./71/binderfs") = 0 [ 80.216640][ T5251] loop0: detected capacity change from 0 to 2048 [ 80.230828][ T5251] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./71/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./71/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./71/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./71/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./71") = 0 mkdir("./72", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5253 attached , child_tidptr=0x555556218690) = 5253 [pid 5253] set_robust_list(0x5555562186a0, 24) = 0 [pid 5253] chdir("./72") = 0 [pid 5253] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5253] setpgid(0, 0) = 0 [pid 5253] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5253] write(3, "1000", 4) = 4 [pid 5253] close(3) = 0 [pid 5253] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5253] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5253] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5253] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5253] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5254 attached [pid 5254] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5253] <... clone3 resumed> => {parent_tid=[5254]}, 88) = 5254 [pid 5254] <... rseq resumed>) = 0 [pid 5254] set_robust_list(0x7f3dc90769a0, 24 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], [pid 5254] <... set_robust_list resumed>) = 0 [pid 5253] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5253] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] rt_sigprocmask(SIG_SETMASK, [], [pid 5253] <... futex resumed>) = 0 [pid 5254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5254] memfd_create("syzkaller", 0 [pid 5253] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5254] <... memfd_create resumed>) = 3 [pid 5254] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5254] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5254] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5254] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5254] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5254] close(3) = 0 [pid 5254] mkdir("./file0", 0777) = 0 [pid 5254] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5254] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5254] chdir("./file0") = 0 [pid 5254] ioctl(4, LOOP_CLR_FD) = 0 [pid 5254] close(4) = 0 [pid 5254] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5254] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5253] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... open resumed>) = 4 [pid 5254] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5254] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] <... futex resumed>) = 0 [pid 5253] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5254] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5253] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5254] <... open resumed>) = 5 [pid 5254] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5253] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5254] <... futex resumed>) = 0 [pid 5254] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5253] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5254] <... futex resumed>) = 0 [pid 5253] <... futex resumed>) = 1 [pid 5254] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5253] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5253] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5253] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5255 attached [pid 5255] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5253] <... clone3 resumed> => {parent_tid=[5255]}, 88) = 5255 [pid 5253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5253] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5253] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5255] <... rseq resumed>) = 0 [pid 5255] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5255] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5253] <... futex resumed>) = ? [pid 5254] <... futex resumed>) = ? [pid 5255] +++ killed by SIGBUS +++ [pid 5254] +++ killed by SIGBUS +++ [pid 5253] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5253, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./72", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./72", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./72/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./72/binderfs") = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./72/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./72/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 80.333576][ T5254] loop0: detected capacity change from 0 to 2048 [ 80.344026][ T5254] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./72/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./72/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./72") = 0 mkdir("./73", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5256 attached , child_tidptr=0x555556218690) = 5256 [pid 5256] set_robust_list(0x5555562186a0, 24) = 0 [pid 5256] chdir("./73") = 0 [pid 5256] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5256] setpgid(0, 0) = 0 [pid 5256] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5256] write(3, "1000", 4) = 4 [pid 5256] close(3) = 0 [pid 5256] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5256] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5256] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5256] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5257 attached [pid 5257] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5256] <... clone3 resumed> => {parent_tid=[5257]}, 88) = 5257 [pid 5257] set_robust_list(0x7f3dc90769a0, 24 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], [pid 5257] <... set_robust_list resumed>) = 0 [pid 5257] rt_sigprocmask(SIG_SETMASK, [], [pid 5256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5257] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5257] memfd_create("syzkaller", 0) = 3 [pid 5257] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5256] <... futex resumed>) = 1 [pid 5256] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5257] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5257] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5257] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5257] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5257] close(3) = 0 [pid 5257] mkdir("./file0", 0777) = 0 [pid 5257] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5257] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5257] chdir("./file0") = 0 [pid 5257] ioctl(4, LOOP_CLR_FD) = 0 [pid 5257] close(4) = 0 [pid 5257] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5256] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... open resumed>) = 4 [pid 5257] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5256] <... futex resumed>) = 0 [pid 5257] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] <... futex resumed>) = 0 [pid 5256] <... futex resumed>) = 1 [pid 5257] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5256] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5257] <... open resumed>) = 5 [pid 5257] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] <... futex resumed>) = 0 [pid 5256] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5257] <... futex resumed>) = 0 [pid 5256] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5257] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5256] <... futex resumed>) = 0 [pid 5257] <... mmap resumed>) = 0x20000000 [pid 5256] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5257] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5257] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5256] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5256] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5256] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5258 attached => {parent_tid=[5258]}, 88) = 5258 [pid 5256] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5256] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5256] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5258] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5258] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5258] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5257] <... futex resumed>) = ? [pid 5257] +++ killed by SIGBUS +++ [pid 5256] <... futex resumed>) = ? [pid 5258] +++ killed by SIGBUS +++ [pid 5256] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5256, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./73", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./73/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./73/binderfs") = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./73/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./73/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./73/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./73/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./73") = 0 mkdir("./74", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5259 attached , child_tidptr=0x555556218690) = 5259 [pid 5259] set_robust_list(0x5555562186a0, 24) = 0 [ 80.455358][ T5257] loop0: detected capacity change from 0 to 2048 [ 80.466819][ T5257] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5259] chdir("./74") = 0 [pid 5259] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5259] setpgid(0, 0) = 0 [pid 5259] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5259] write(3, "1000", 4) = 4 [pid 5259] close(3) = 0 [pid 5259] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5259] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5259] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5259] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5260 attached => {parent_tid=[5260]}, 88) = 5260 [pid 5260] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5260] <... rseq resumed>) = 0 [pid 5260] set_robust_list(0x7f3dc90769a0, 24 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5260] <... set_robust_list resumed>) = 0 [pid 5260] rt_sigprocmask(SIG_SETMASK, [], [pid 5259] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5259] <... futex resumed>) = 0 [pid 5260] memfd_create("syzkaller", 0 [pid 5259] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5260] <... memfd_create resumed>) = 3 [pid 5260] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5260] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5260] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5260] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5260] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5260] close(3) = 0 [pid 5260] mkdir("./file0", 0777) = 0 [pid 5260] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5260] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5260] chdir("./file0") = 0 [pid 5260] ioctl(4, LOOP_CLR_FD) = 0 [pid 5260] close(4) = 0 [pid 5260] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] <... futex resumed>) = 0 [pid 5260] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5259] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... open resumed>) = 4 [pid 5260] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5260] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... futex resumed>) = 0 [pid 5260] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5259] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5259] <... futex resumed>) = 0 [pid 5260] <... open resumed>) = 5 [pid 5259] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... futex resumed>) = 1 [pid 5259] <... futex resumed>) = 0 [pid 5260] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5259] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5260] <... mmap resumed>) = 0x20000000 [pid 5259] <... futex resumed>) = 0 [pid 5259] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5260] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5259] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5260] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5259] <... mprotect resumed>) = 0 [pid 5259] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5259] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5261 attached [pid 5261] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5259] <... clone3 resumed> => {parent_tid=[5261]}, 88) = 5261 [pid 5261] <... rseq resumed>) = 0 [pid 5259] rt_sigprocmask(SIG_SETMASK, [], [pid 5261] set_robust_list(0x7f3dc0d559a0, 24 [pid 5259] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5261] <... set_robust_list resumed>) = 0 [pid 5259] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5259] <... futex resumed>) = 0 [pid 5261] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5259] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5260] <... futex resumed>) = ? [pid 5261] +++ killed by SIGBUS +++ [pid 5260] +++ killed by SIGBUS +++ [pid 5259] <... futex resumed>) = ? [pid 5259] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5259, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./74", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./74/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./74/binderfs") = 0 [ 80.547115][ T5260] loop0: detected capacity change from 0 to 2048 [ 80.562692][ T5260] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./74/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./74/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./74/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./74/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./74") = 0 mkdir("./75", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5262 ./strace-static-x86_64: Process 5262 attached [pid 5262] set_robust_list(0x5555562186a0, 24) = 0 [pid 5262] chdir("./75") = 0 [pid 5262] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5262] setpgid(0, 0) = 0 [pid 5262] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5262] write(3, "1000", 4) = 4 [pid 5262] close(3) = 0 [pid 5262] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5262] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5262] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5262] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5262] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5263]}, 88) = 5263 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5262] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5263 attached [pid 5263] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5263] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5263] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5263] memfd_create("syzkaller", 0) = 3 [pid 5263] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5263] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5263] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5263] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5263] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5263] close(3) = 0 [pid 5263] mkdir("./file0", 0777) = 0 [pid 5263] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5263] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5263] chdir("./file0") = 0 [pid 5263] ioctl(4, LOOP_CLR_FD) = 0 [pid 5263] close(4) = 0 [pid 5263] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5262] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5263] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5262] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... open resumed>) = 4 [pid 5263] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5262] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5263] <... open resumed>) = 5 [pid 5263] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5262] <... futex resumed>) = 0 [pid 5263] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... futex resumed>) = 0 [pid 5262] <... futex resumed>) = 1 [pid 5263] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5262] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5263] <... mmap resumed>) = 0x20000000 [pid 5262] <... futex resumed>) = 0 [pid 5262] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5263] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5262] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5262] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5263] <... futex resumed>) = 0 [pid 5263] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5262] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5262] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5264]}, 88) = 5264 [pid 5262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5262] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5262] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5264 attached [pid 5264] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5264] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5264] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5264] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5263] <... futex resumed>) = ? [pid 5262] <... futex resumed>) = ? [pid 5264] +++ killed by SIGBUS +++ [pid 5263] +++ killed by SIGBUS +++ [pid 5262] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5262, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./75", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./75/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 80.653125][ T5263] loop0: detected capacity change from 0 to 2048 [ 80.664866][ T5263] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./75/binderfs") = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./75/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./75/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./75/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./75/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./75") = 0 mkdir("./76", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5265 ./strace-static-x86_64: Process 5265 attached [pid 5265] set_robust_list(0x5555562186a0, 24) = 0 [pid 5265] chdir("./76") = 0 [pid 5265] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5265] setpgid(0, 0) = 0 [pid 5265] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5265] write(3, "1000", 4) = 4 [pid 5265] close(3) = 0 [pid 5265] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5265] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5265] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5265] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5266 attached => {parent_tid=[5266]}, 88) = 5266 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5265] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5266] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5266] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5266] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5266] memfd_create("syzkaller", 0) = 3 [pid 5266] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5266] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5266] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5266] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5266] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5266] close(3) = 0 [pid 5266] mkdir("./file0", 0777) = 0 [pid 5266] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5266] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5266] chdir("./file0") = 0 [pid 5266] ioctl(4, LOOP_CLR_FD) = 0 [pid 5266] close(4) = 0 [pid 5266] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5265] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] <... open resumed>) = 4 [pid 5266] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5266] <... futex resumed>) = 0 [pid 5266] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5265] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5266] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5265] <... futex resumed>) = 0 [pid 5265] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5266] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5265] <... futex resumed>) = 0 [pid 5266] <... mmap resumed>) = 0x20000000 [pid 5265] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5265] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5266] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5266] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5265] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5265] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5267]}, 88) = 5267 [pid 5265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5265] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5265] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5267 attached [pid 5267] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5267] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5267] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5265] <... futex resumed>) = ? [pid 5266] <... futex resumed>) = ? [pid 5267] +++ killed by SIGBUS +++ [pid 5266] +++ killed by SIGBUS +++ [pid 5265] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5265, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./76", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./76/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./76/binderfs") = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./76/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./76/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./76/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./76/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 80.761679][ T5266] loop0: detected capacity change from 0 to 2048 [ 80.772808][ T5266] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./76") = 0 mkdir("./77", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5268 ./strace-static-x86_64: Process 5268 attached [pid 5268] set_robust_list(0x5555562186a0, 24) = 0 [pid 5268] chdir("./77") = 0 [pid 5268] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5268] setpgid(0, 0) = 0 [pid 5268] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5268] write(3, "1000", 4) = 4 [pid 5268] close(3) = 0 [pid 5268] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5268] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5268] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5268] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5269 attached => {parent_tid=[5269]}, 88) = 5269 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5269] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5269] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5269] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5269] memfd_create("syzkaller", 0) = 3 [pid 5269] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5269] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5269] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5269] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5269] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5269] close(3) = 0 [pid 5269] mkdir("./file0", 0777) = 0 [pid 5269] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5269] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5269] chdir("./file0") = 0 [pid 5269] ioctl(4, LOOP_CLR_FD) = 0 [pid 5269] close(4) = 0 [pid 5269] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] <... futex resumed>) = 0 [pid 5269] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5268] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... open resumed>) = 4 [pid 5269] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5269] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = 1 [pid 5269] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5269] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5269] <... futex resumed>) = 0 [pid 5268] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5269] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5268] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5269] <... mmap resumed>) = 0x20000000 [pid 5268] <... futex resumed>) = 0 [pid 5268] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5269] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5268] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5269] <... futex resumed>) = 0 [pid 5268] <... mprotect resumed>) = 0 [pid 5269] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5268] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5268] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5270]}, 88) = 5270 [pid 5268] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5268] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5268] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5270 attached [pid 5270] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5270] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5270] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5269] <... futex resumed>) = ? [pid 5269] +++ killed by SIGBUS +++ [pid 5270] +++ killed by SIGBUS +++ [pid 5268] <... futex resumed>) = ? [pid 5268] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5268, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./77", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./77/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./77/binderfs") = 0 [ 80.867020][ T5269] loop0: detected capacity change from 0 to 2048 [ 80.878338][ T5269] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./77/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./77/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./77/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./77/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./77") = 0 mkdir("./78", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5271 attached , child_tidptr=0x555556218690) = 5271 [pid 5271] set_robust_list(0x5555562186a0, 24) = 0 [pid 5271] chdir("./78") = 0 [pid 5271] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5271] setpgid(0, 0) = 0 [pid 5271] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5271] write(3, "1000", 4) = 4 [pid 5271] close(3) = 0 [pid 5271] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5271] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5271] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5271] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5272]}, 88) = 5272 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5271] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5272 attached [pid 5272] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5272] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5272] memfd_create("syzkaller", 0) = 3 [pid 5272] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5272] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5272] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5272] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5272] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5272] close(3) = 0 [pid 5272] mkdir("./file0", 0777) = 0 [pid 5272] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5272] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5272] chdir("./file0") = 0 [pid 5272] ioctl(4, LOOP_CLR_FD) = 0 [pid 5272] close(4) = 0 [pid 5272] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5272] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5271] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5271] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... open resumed>) = 4 [pid 5272] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5272] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5271] <... futex resumed>) = 0 [pid 5272] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5271] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5272] <... open resumed>) = 5 [pid 5272] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5271] <... futex resumed>) = 0 [pid 5272] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5271] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... mmap resumed>) = 0x20000000 [pid 5271] <... futex resumed>) = 0 [pid 5272] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5271] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5272] <... futex resumed>) = 0 [pid 5271] <... futex resumed>) = 0 [pid 5272] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5271] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5271] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5271] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5271] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5273 attached [pid 5273] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5271] <... clone3 resumed> => {parent_tid=[5273]}, 88) = 5273 [pid 5273] <... rseq resumed>) = 0 [pid 5271] rt_sigprocmask(SIG_SETMASK, [], [pid 5273] set_robust_list(0x7f3dc0d559a0, 24 [pid 5271] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5273] <... set_robust_list resumed>) = 0 [pid 5273] rt_sigprocmask(SIG_SETMASK, [], [pid 5271] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5273] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5271] <... futex resumed>) = 0 [pid 5273] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5271] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5272] <... futex resumed>) = ? [pid 5272] +++ killed by SIGBUS +++ [pid 5273] +++ killed by SIGBUS +++ [pid 5271] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5271, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./78", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./78/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./78/binderfs") = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./78/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./78/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./78/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 80.986429][ T5272] loop0: detected capacity change from 0 to 2048 [ 80.997432][ T5272] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./78/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./78") = 0 mkdir("./79", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5274 attached , child_tidptr=0x555556218690) = 5274 [pid 5274] set_robust_list(0x5555562186a0, 24) = 0 [pid 5274] chdir("./79") = 0 [pid 5274] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5274] setpgid(0, 0) = 0 [pid 5274] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5274] write(3, "1000", 4) = 4 [pid 5274] close(3) = 0 [pid 5274] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5274] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5274] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5274] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5275]}, 88) = 5275 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5275 attached [pid 5275] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5275] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5275] memfd_create("syzkaller", 0) = 3 [pid 5275] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5275] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5275] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5275] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5275] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5275] close(3) = 0 [pid 5275] mkdir("./file0", 0777) = 0 [pid 5275] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5275] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5275] chdir("./file0") = 0 [pid 5275] ioctl(4, LOOP_CLR_FD) = 0 [pid 5275] close(4) = 0 [pid 5275] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5275] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5274] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... open resumed>) = 4 [pid 5275] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5275] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5275] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5274] <... futex resumed>) = 0 [pid 5275] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5275] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5274] <... futex resumed>) = 0 [pid 5275] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5274] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5275] <... mmap resumed>) = 0x20000000 [pid 5274] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5275] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5274] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5275] <... futex resumed>) = 0 [pid 5275] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5274] <... mprotect resumed>) = 0 [pid 5274] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5274] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5276]}, 88) = 5276 [pid 5274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5274] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5274] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5276 attached [pid 5276] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5276] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5276] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5275] <... futex resumed>) = ? [pid 5275] +++ killed by SIGBUS +++ [pid 5274] <... futex resumed>) = ? [pid 5276] +++ killed by SIGBUS +++ [pid 5274] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5274, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./79", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./79/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./79/binderfs") = 0 [ 81.084059][ T5275] loop0: detected capacity change from 0 to 2048 [ 81.102735][ T5275] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./79/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./79/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./79/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./79/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./79") = 0 mkdir("./80", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5277 attached , child_tidptr=0x555556218690) = 5277 [pid 5277] set_robust_list(0x5555562186a0, 24) = 0 [pid 5277] chdir("./80") = 0 [pid 5277] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5277] setpgid(0, 0) = 0 [pid 5277] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5277] write(3, "1000", 4) = 4 [pid 5277] close(3) = 0 [pid 5277] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5277] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5277] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5277] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5278 attached [pid 5278] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5277] <... clone3 resumed> => {parent_tid=[5278]}, 88) = 5278 [pid 5278] <... rseq resumed>) = 0 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5278] set_robust_list(0x7f3dc90769a0, 24 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5278] <... set_robust_list resumed>) = 0 [pid 5277] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] rt_sigprocmask(SIG_SETMASK, [], [pid 5277] <... futex resumed>) = 0 [pid 5278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5277] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5278] memfd_create("syzkaller", 0) = 3 [pid 5278] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5278] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5278] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5278] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5278] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5278] close(3) = 0 [pid 5278] mkdir("./file0", 0777) = 0 [pid 5278] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5278] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5278] chdir("./file0") = 0 [pid 5278] ioctl(4, LOOP_CLR_FD) = 0 [pid 5278] close(4) = 0 [pid 5278] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5278] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] <... futex resumed>) = 0 [pid 5277] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 1 [pid 5278] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5277] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... open resumed>) = 4 [pid 5278] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = 0 [pid 5277] <... futex resumed>) = 1 [pid 5278] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5277] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5278] <... open resumed>) = 5 [pid 5278] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5277] <... futex resumed>) = 0 [pid 5278] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5278] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5277] <... futex resumed>) = 0 [pid 5278] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5277] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5277] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5278] <... mmap resumed>) = 0x20000000 [pid 5277] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5278] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5278] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5277] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5277] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5277] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5279 attached => {parent_tid=[5279]}, 88) = 5279 [pid 5277] rt_sigprocmask(SIG_SETMASK, [], [pid 5279] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5279] <... rseq resumed>) = 0 [pid 5277] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5279] set_robust_list(0x7f3dc0d559a0, 24 [pid 5277] <... futex resumed>) = 0 [pid 5279] <... set_robust_list resumed>) = 0 [pid 5277] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5279] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5277] <... futex resumed>) = ? [pid 5278] <... futex resumed>) = ? [pid 5278] +++ killed by SIGBUS +++ [pid 5279] +++ killed by SIGBUS +++ [pid 5277] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5277, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./80", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./80/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./80/binderfs") = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./80/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./80/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./80/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 81.215558][ T5278] loop0: detected capacity change from 0 to 2048 [ 81.227358][ T5278] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./80/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./80") = 0 mkdir("./81", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5280 attached , child_tidptr=0x555556218690) = 5280 [pid 5280] set_robust_list(0x5555562186a0, 24) = 0 [pid 5280] chdir("./81") = 0 [pid 5280] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5280] setpgid(0, 0) = 0 [pid 5280] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5280] write(3, "1000", 4) = 4 [pid 5280] close(3) = 0 [pid 5280] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5280] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5280] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5280] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5280] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5281]}, 88) = 5281 [pid 5280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5280] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5281 attached [pid 5281] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5281] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5281] memfd_create("syzkaller", 0) = 3 [pid 5281] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5281] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5281] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5281] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5281] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5281] close(3) = 0 [pid 5281] mkdir("./file0", 0777) = 0 [pid 5281] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5281] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5281] chdir("./file0") = 0 [pid 5281] ioctl(4, LOOP_CLR_FD) = 0 [pid 5281] close(4) = 0 [pid 5281] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5281] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5281] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] <... futex resumed>) = 1 [pid 5280] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5280] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] <... futex resumed>) = 0 [pid 5281] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5280] <... futex resumed>) = 1 [pid 5281] <... open resumed>) = 5 [pid 5280] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5281] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5280] <... futex resumed>) = 0 [pid 5280] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] <... futex resumed>) = 1 [pid 5280] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5281] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5280] <... futex resumed>) = 0 [pid 5280] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5281] <... mmap resumed>) = 0x20000000 [pid 5281] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5281] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5280] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5280] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5280] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5282]}, 88) = 5282 ./strace-static-x86_64: Process 5282 attached [pid 5280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5280] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5280] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5282] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5282] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5282] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5281] <... futex resumed>) = ? [pid 5280] <... futex resumed>) = ? [pid 5282] +++ killed by SIGBUS +++ [pid 5281] +++ killed by SIGBUS +++ [pid 5280] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5280, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./81", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./81/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./81/binderfs") = 0 [ 81.321451][ T5281] loop0: detected capacity change from 0 to 2048 [ 81.340463][ T5281] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./81/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./81/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./81/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./81/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./81") = 0 mkdir("./82", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5283 attached , child_tidptr=0x555556218690) = 5283 [pid 5283] set_robust_list(0x5555562186a0, 24) = 0 [pid 5283] chdir("./82") = 0 [pid 5283] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5283] setpgid(0, 0) = 0 [pid 5283] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5283] write(3, "1000", 4) = 4 [pid 5283] close(3) = 0 [pid 5283] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5283] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5283] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5283] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5283] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5284 attached => {parent_tid=[5284]}, 88) = 5284 [pid 5284] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5284] <... rseq resumed>) = 0 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5284] set_robust_list(0x7f3dc90769a0, 24 [pid 5283] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... set_robust_list resumed>) = 0 [pid 5284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5284] memfd_create("syzkaller", 0 [pid 5283] <... futex resumed>) = 0 [pid 5284] <... memfd_create resumed>) = 3 [pid 5283] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5284] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5284] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5284] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5284] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5284] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5284] close(3) = 0 [pid 5284] mkdir("./file0", 0777) = 0 [pid 5284] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5284] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5284] chdir("./file0") = 0 [pid 5284] ioctl(4, LOOP_CLR_FD) = 0 [pid 5284] close(4) = 0 [pid 5284] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5284] <... futex resumed>) = 0 [pid 5283] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5284] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5284] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5283] <... futex resumed>) = 0 [pid 5283] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] <... open resumed>) = 5 [pid 5284] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5283] <... futex resumed>) = 0 [pid 5284] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5283] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5284] <... futex resumed>) = 0 [pid 5283] <... futex resumed>) = 1 [pid 5283] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5284] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5283] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5284] <... mmap resumed>) = 0x20000000 [pid 5283] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5283] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5283] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5285 attached => {parent_tid=[5285]}, 88) = 5285 [pid 5285] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5283] rt_sigprocmask(SIG_SETMASK, [], [pid 5285] set_robust_list(0x7f3dc0d559a0, 24 [pid 5283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5285] <... set_robust_list resumed>) = 0 [pid 5283] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5283] <... futex resumed>) = 0 [pid 5285] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5283] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5284] +++ killed by SIGBUS +++ [pid 5285] +++ killed by SIGBUS +++ [pid 5283] <... futex resumed>) = ? [pid 5283] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5283, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./82", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./82/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./82/binderfs") = 0 [ 81.454984][ T5284] loop0: detected capacity change from 0 to 2048 [ 81.466261][ T5284] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./82/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./82/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./82/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./82/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./82") = 0 mkdir("./83", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5286 attached [pid 5286] set_robust_list(0x5555562186a0, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5286 [pid 5286] <... set_robust_list resumed>) = 0 [pid 5286] chdir("./83") = 0 [pid 5286] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5286] setpgid(0, 0) = 0 [pid 5286] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5286] write(3, "1000", 4) = 4 [pid 5286] close(3) = 0 [pid 5286] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5286] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5286] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5286] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5287 attached => {parent_tid=[5287]}, 88) = 5287 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5286] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5287] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5287] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5287] memfd_create("syzkaller", 0) = 3 [pid 5287] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5287] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5287] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5287] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5287] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5287] close(3) = 0 [pid 5287] mkdir("./file0", 0777) = 0 [pid 5287] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5287] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5287] chdir("./file0") = 0 [pid 5287] ioctl(4, LOOP_CLR_FD) = 0 [pid 5287] close(4) = 0 [pid 5287] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5286] <... futex resumed>) = 0 [pid 5287] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5286] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] <... open resumed>) = 4 [pid 5287] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5287] <... futex resumed>) = 1 [pid 5286] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5287] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5286] <... futex resumed>) = 0 [pid 5287] <... open resumed>) = 5 [pid 5286] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5287] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5286] <... futex resumed>) = 0 [pid 5286] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5287] <... futex resumed>) = 1 [pid 5286] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5287] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5286] <... mprotect resumed>) = 0 [pid 5287] <... mmap resumed>) = 0x20000000 [pid 5286] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5286] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5287] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5287] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5286] <... clone3 resumed> => {parent_tid=[5288]}, 88) = 5288 [pid 5286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5286] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5286] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5288 attached [pid 5288] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5288] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5288] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5286] <... futex resumed>) = ? [pid 5288] +++ killed by SIGBUS +++ [pid 5287] <... futex resumed>) = ? [pid 5287] +++ killed by SIGBUS +++ [pid 5286] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5286, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./83", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./83/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./83/binderfs") = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./83/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./83/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./83/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./83/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./83") = 0 mkdir("./84", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5289 [ 81.586580][ T5287] loop0: detected capacity change from 0 to 2048 [ 81.598035][ T5287] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ./strace-static-x86_64: Process 5289 attached [pid 5289] set_robust_list(0x5555562186a0, 24) = 0 [pid 5289] chdir("./84") = 0 [pid 5289] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5289] setpgid(0, 0) = 0 [pid 5289] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5289] write(3, "1000", 4) = 4 [pid 5289] close(3) = 0 [pid 5289] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5289] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5289] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5289] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5289] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5289] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5290]}, 88) = 5290 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5289] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5290 attached [pid 5290] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5290] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5290] memfd_create("syzkaller", 0) = 3 [pid 5290] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5290] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5290] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5290] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5290] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5290] close(3) = 0 [pid 5290] mkdir("./file0", 0777) = 0 [pid 5290] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5290] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5290] chdir("./file0") = 0 [pid 5290] ioctl(4, LOOP_CLR_FD) = 0 [pid 5290] close(4) = 0 [pid 5290] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5290] <... futex resumed>) = 1 [pid 5289] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5289] <... futex resumed>) = 0 [pid 5290] <... open resumed>) = 4 [pid 5289] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5289] <... futex resumed>) = 0 [pid 5290] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5289] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5290] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5289] <... futex resumed>) = 0 [pid 5290] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5289] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] <... open resumed>) = 5 [pid 5290] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5289] <... futex resumed>) = 0 [pid 5289] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5289] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5290] <... futex resumed>) = 1 [pid 5289] <... mprotect resumed>) = 0 [pid 5290] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< {parent_tid=[5291]}, 88) = 5291 [pid 5289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5289] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5289] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5290] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5290] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5291 attached [pid 5291] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5291] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5291] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5290] <... futex resumed>) = ? [pid 5291] +++ killed by SIGBUS +++ [pid 5290] +++ killed by SIGBUS +++ [pid 5289] <... futex resumed>) = ? [pid 5289] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5289, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./84", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./84/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./84/binderfs") = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./84/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./84/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./84/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./84/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./84") = 0 mkdir("./85", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5292 attached , child_tidptr=0x555556218690) = 5292 [pid 5292] set_robust_list(0x5555562186a0, 24) = 0 [pid 5292] chdir("./85") = 0 [pid 5292] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5292] setpgid(0, 0) = 0 [pid 5292] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5292] write(3, "1000", 4) = 4 [pid 5292] close(3) = 0 [pid 5292] symlink("/dev/binderfs", "./binderfs") = 0 [ 81.694520][ T5290] loop0: detected capacity change from 0 to 2048 [ 81.705704][ T5290] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5292] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5292] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5292] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5293 attached => {parent_tid=[5293]}, 88) = 5293 [pid 5293] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] set_robust_list(0x7f3dc90769a0, 24 [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... set_robust_list resumed>) = 0 [pid 5293] rt_sigprocmask(SIG_SETMASK, [], [pid 5292] <... futex resumed>) = 0 [pid 5293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5292] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5293] memfd_create("syzkaller", 0) = 3 [pid 5293] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5293] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5293] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5293] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5293] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5293] close(3) = 0 [pid 5293] mkdir("./file0", 0777) = 0 [pid 5293] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5293] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5293] chdir("./file0") = 0 [pid 5293] ioctl(4, LOOP_CLR_FD) = 0 [pid 5293] close(4) = 0 [pid 5293] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5292] <... futex resumed>) = 0 [pid 5293] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5292] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5293] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5292] <... futex resumed>) = 0 [pid 5293] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5292] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... open resumed>) = 4 [pid 5293] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] <... futex resumed>) = 1 [pid 5293] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5293] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5292] <... futex resumed>) = 0 [pid 5292] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5292] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5292] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5292] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5293] <... futex resumed>) = 1 [pid 5292] <... clone3 resumed> => {parent_tid=[5294]}, 88) = 5294 [pid 5292] rt_sigprocmask(SIG_SETMASK, [], [pid 5293] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5292] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5293] <... mmap resumed>) = 0x20000000 [pid 5292] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5292] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5293] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5293] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5294 attached [pid 5294] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5294] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5294] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5294] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5293] <... futex resumed>) = ? [pid 5292] <... futex resumed>) = ? [pid 5294] +++ killed by SIGBUS +++ [pid 5293] +++ killed by SIGBUS +++ [ 81.779223][ T5293] loop0: detected capacity change from 0 to 2048 [ 81.794832][ T5293] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5292] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5292, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./85", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./85/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./85/binderfs") = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./85/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./85/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./85/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./85/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./85") = 0 mkdir("./86", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5295 ./strace-static-x86_64: Process 5295 attached [pid 5295] set_robust_list(0x5555562186a0, 24) = 0 [pid 5295] chdir("./86") = 0 [pid 5295] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5295] setpgid(0, 0) = 0 [pid 5295] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5295] write(3, "1000", 4) = 4 [pid 5295] close(3) = 0 [pid 5295] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5295] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5295] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5295] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5295] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5296 attached => {parent_tid=[5296]}, 88) = 5296 [pid 5296] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5296] <... rseq resumed>) = 0 [pid 5295] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] set_robust_list(0x7f3dc90769a0, 24 [pid 5295] <... futex resumed>) = 0 [pid 5296] <... set_robust_list resumed>) = 0 [pid 5296] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5296] memfd_create("syzkaller", 0 [pid 5295] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5296] <... memfd_create resumed>) = 3 [pid 5296] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5296] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5296] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5296] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 81.892896][ T5296] __do_sys_memfd_create: 33 callbacks suppressed [ 81.892914][ T5296] syz-executor183[5296]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5296] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5296] close(3) = 0 [pid 5296] mkdir("./file0", 0777) = 0 [pid 5296] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5296] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5296] chdir("./file0") = 0 [pid 5296] ioctl(4, LOOP_CLR_FD) = 0 [pid 5296] close(4) = 0 [pid 5296] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5296] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = 0 [pid 5295] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5296] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5295] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... open resumed>) = 4 [pid 5296] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5296] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5295] <... futex resumed>) = 0 [pid 5296] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5296] <... futex resumed>) = 0 [pid 5296] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5295] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5296] <... futex resumed>) = 0 [pid 5295] <... futex resumed>) = 1 [pid 5296] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5296] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5295] <... futex resumed>) = 0 [pid 5296] <... futex resumed>) = 0 [pid 5295] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5296] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5295] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5295] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5295] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5295] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5297 attached [pid 5297] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5295] <... clone3 resumed> => {parent_tid=[5297]}, 88) = 5297 [pid 5297] <... rseq resumed>) = 0 [pid 5295] rt_sigprocmask(SIG_SETMASK, [], [pid 5297] set_robust_list(0x7f3dc0d559a0, 24 [pid 5295] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5297] <... set_robust_list resumed>) = 0 [pid 5295] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5297] rt_sigprocmask(SIG_SETMASK, [], [pid 5295] <... futex resumed>) = 0 [pid 5297] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5295] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5297] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5296] <... futex resumed>) = ? [pid 5295] <... futex resumed>) = ? [pid 5296] +++ killed by SIGBUS +++ [pid 5297] +++ killed by SIGBUS +++ [pid 5295] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5295, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./86", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./86/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./86/binderfs") = 0 [ 81.939347][ T5296] loop0: detected capacity change from 0 to 2048 [ 81.951933][ T5296] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./86/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./86/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./86/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./86/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./86") = 0 mkdir("./87", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5298 attached , child_tidptr=0x555556218690) = 5298 [pid 5298] set_robust_list(0x5555562186a0, 24) = 0 [pid 5298] chdir("./87") = 0 [pid 5298] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5298] setpgid(0, 0) = 0 [pid 5298] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5298] write(3, "1000", 4) = 4 [pid 5298] close(3) = 0 [pid 5298] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5298] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5298] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5298] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5299 attached => {parent_tid=[5299]}, 88) = 5299 [pid 5299] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5299] <... rseq resumed>) = 0 [pid 5299] set_robust_list(0x7f3dc90769a0, 24 [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5299] <... set_robust_list resumed>) = 0 [pid 5299] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5299] memfd_create("syzkaller", 0) = 3 [pid 5299] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5299] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5299] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5299] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5299] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5299] close(3) = 0 [pid 5299] mkdir("./file0", 0777) = 0 [pid 5299] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5299] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5299] chdir("./file0") = 0 [pid 5299] ioctl(4, LOOP_CLR_FD) = 0 [pid 5299] close(4) = 0 [pid 5299] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5299] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... futex resumed>) = 0 [pid 5298] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = 0 [pid 5298] <... futex resumed>) = 1 [pid 5299] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5298] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... open resumed>) = 4 [pid 5299] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5299] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5299] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5298] <... futex resumed>) = 0 [pid 5299] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5299] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5298] <... futex resumed>) = 0 [pid 5299] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5298] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5299] <... mmap resumed>) = 0x20000000 [pid 5299] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5299] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5298] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5298] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5298] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5298] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5300 attached [pid 5300] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5300] set_robust_list(0x7f3dc0d559a0, 24 [pid 5298] <... clone3 resumed> => {parent_tid=[5300]}, 88) = 5300 [pid 5300] <... set_robust_list resumed>) = 0 [pid 5298] rt_sigprocmask(SIG_SETMASK, [], [pid 5300] rt_sigprocmask(SIG_SETMASK, [], [pid 5298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5298] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5298] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5300] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5300] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5298] <... futex resumed>) = ? [pid 5299] <... futex resumed>) = ? [pid 5300] +++ killed by SIGBUS +++ [pid 5299] +++ killed by SIGBUS +++ [pid 5298] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5298, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./87", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./87/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./87/binderfs") = 0 [ 82.057540][ T5299] syz-executor183[5299]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.080048][ T5299] loop0: detected capacity change from 0 to 2048 [ 82.091810][ T5299] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./87/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./87/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./87/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./87/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./87") = 0 mkdir("./88", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5301 attached , child_tidptr=0x555556218690) = 5301 [pid 5301] set_robust_list(0x5555562186a0, 24) = 0 [pid 5301] chdir("./88") = 0 [pid 5301] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5301] setpgid(0, 0) = 0 [pid 5301] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5301] write(3, "1000", 4) = 4 [pid 5301] close(3) = 0 [pid 5301] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5301] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5301] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5301] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5302]}, 88) = 5302 ./strace-static-x86_64: Process 5302 attached [pid 5301] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5302] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5301] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5301] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5302] memfd_create("syzkaller", 0) = 3 [pid 5302] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5302] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5302] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5302] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5302] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5302] close(3) = 0 [pid 5302] mkdir("./file0", 0777) = 0 [pid 5302] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5302] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5302] chdir("./file0") = 0 [pid 5302] ioctl(4, LOOP_CLR_FD) = 0 [pid 5302] close(4) = 0 [pid 5302] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5301] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] <... futex resumed>) = 0 [pid 5302] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5301] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... open resumed>) = 4 [pid 5302] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5301] <... futex resumed>) = 0 [pid 5302] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5301] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5302] <... open resumed>) = 5 [pid 5301] <... futex resumed>) = 0 [pid 5302] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5301] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] <... futex resumed>) = 0 [pid 5301] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5301] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5301] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5301] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5301] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5303]}, 88) = 5303 [pid 5301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5301] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5301] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5302] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5303] rt_sigprocmask(SIG_SETMASK, [], [pid 5302] <... futex resumed>) = 0 [pid 5303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5302] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5303] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5302] <... futex resumed>) = ? [pid 5301] <... futex resumed>) = ? [pid 5303] +++ killed by SIGBUS +++ [pid 5302] +++ killed by SIGBUS +++ [pid 5301] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5301, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./88", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./88/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./88/binderfs") = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./88/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./88/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./88/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./88/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./88") = 0 mkdir("./89", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5304 attached , child_tidptr=0x555556218690) = 5304 [pid 5304] set_robust_list(0x5555562186a0, 24) = 0 [pid 5304] chdir("./89") = 0 [pid 5304] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5304] setpgid(0, 0) = 0 [pid 5304] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 82.168971][ T5302] syz-executor183[5302]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.192932][ T5302] loop0: detected capacity change from 0 to 2048 [ 82.204839][ T5302] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5304] write(3, "1000", 4) = 4 [pid 5304] close(3) = 0 [pid 5304] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5304] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5304] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5304] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5305 attached => {parent_tid=[5305]}, 88) = 5305 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5304] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5305] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5305] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5305] memfd_create("syzkaller", 0) = 3 [pid 5305] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5305] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5305] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5305] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5305] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5305] close(3) = 0 [pid 5305] mkdir("./file0", 0777) = 0 [ 82.258260][ T5305] syz-executor183[5305]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.290832][ T5305] loop0: detected capacity change from 0 to 2048 [pid 5305] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5305] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5305] chdir("./file0") = 0 [pid 5305] ioctl(4, LOOP_CLR_FD) = 0 [pid 5305] close(4) = 0 [pid 5305] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5304] <... futex resumed>) = 0 [pid 5305] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5304] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] <... open resumed>) = 4 [pid 5305] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5304] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5305] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... futex resumed>) = 0 [pid 5304] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5305] <... futex resumed>) = 1 [pid 5304] <... futex resumed>) = 0 [pid 5305] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5304] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5305] <... mmap resumed>) = 0x20000000 [pid 5304] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5304] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5304] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5305] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5304] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5305] <... futex resumed>) = 0 [pid 5304] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5305] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5304] <... clone3 resumed> => {parent_tid=[5306]}, 88) = 5306 [pid 5304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5304] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5304] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5306 attached [pid 5306] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5306] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5306] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5305] <... futex resumed>) = ? [pid 5305] +++ killed by SIGBUS +++ [pid 5304] <... futex resumed>) = ? [pid 5306] +++ killed by SIGBUS +++ [pid 5304] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5304, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./89", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./89/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./89/binderfs") = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./89/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./89/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./89/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 [ 82.302386][ T5305] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(4) = 0 rmdir("./89/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./89") = 0 mkdir("./90", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5307 attached [pid 5307] set_robust_list(0x5555562186a0, 24) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5307 [pid 5307] chdir("./90") = 0 [pid 5307] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5307] setpgid(0, 0) = 0 [pid 5307] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5307] write(3, "1000", 4) = 4 [pid 5307] close(3) = 0 [pid 5307] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5307] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5307] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5307] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5307] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5307] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5307] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5307] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5308 attached => {parent_tid=[5308]}, 88) = 5308 [pid 5308] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5307] rt_sigprocmask(SIG_SETMASK, [], [pid 5308] <... rseq resumed>) = 0 [pid 5308] set_robust_list(0x7f3dc90769a0, 24 [pid 5307] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5308] <... set_robust_list resumed>) = 0 [pid 5308] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5308] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5307] <... futex resumed>) = 1 [pid 5308] memfd_create("syzkaller", 0 [pid 5307] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5308] <... memfd_create resumed>) = 3 [pid 5308] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5308] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5308] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5308] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5308] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5308] close(3) = 0 [pid 5308] mkdir("./file0", 0777) = 0 [pid 5308] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5308] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5308] chdir("./file0") = 0 [pid 5308] ioctl(4, LOOP_CLR_FD) = 0 [pid 5308] close(4) = 0 [pid 5308] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5308] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... futex resumed>) = 0 [pid 5307] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5308] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... futex resumed>) = 1 [pid 5307] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5308] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5308] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5307] <... futex resumed>) = 1 [pid 5307] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5307] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5307] <... futex resumed>) = 1 [pid 5307] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5308] <... futex resumed>) = 0 [pid 5308] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5308] +++ killed by SIGBUS +++ [pid 5307] <... futex resumed>) = ? [pid 5307] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5307, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./90", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./90/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./90/binderfs") = 0 [ 82.379520][ T5308] syz-executor183[5308]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.404707][ T5308] loop0: detected capacity change from 0 to 2048 [ 82.415765][ T5308] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./90/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./90/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./90/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./90/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./90") = 0 mkdir("./91", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5309 ./strace-static-x86_64: Process 5309 attached [pid 5309] set_robust_list(0x5555562186a0, 24) = 0 [pid 5309] chdir("./91") = 0 [pid 5309] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5309] setpgid(0, 0) = 0 [pid 5309] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5309] write(3, "1000", 4) = 4 [pid 5309] close(3) = 0 [pid 5309] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5309] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5309] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5309] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5309] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5310]}, 88) = 5310 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5310 attached ) = 0 [pid 5310] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5309] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5310] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5310] memfd_create("syzkaller", 0) = 3 [pid 5310] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5310] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5310] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5310] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5310] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5310] close(3) = 0 [pid 5310] mkdir("./file0", 0777) = 0 [pid 5310] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5310] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5310] chdir("./file0") = 0 [pid 5310] ioctl(4, LOOP_CLR_FD) = 0 [pid 5310] close(4) = 0 [pid 5310] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5310] <... futex resumed>) = 1 [pid 5309] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... open resumed>) = 4 [pid 5310] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5309] <... futex resumed>) = 0 [pid 5310] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5310] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5309] <... futex resumed>) = 0 [pid 5310] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5309] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5310] <... open resumed>) = 5 [pid 5310] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5309] <... futex resumed>) = 0 [pid 5309] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5310] <... futex resumed>) = 1 [pid 5310] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5309] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5310] <... mmap resumed>) = 0x20000000 [pid 5309] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5310] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5309] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5310] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5309] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5311]}, 88) = 5311 [pid 5309] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5309] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5311 attached [pid 5311] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5309] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5311] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5311] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5309] <... futex resumed>) = ? [pid 5310] <... futex resumed>) = ? [pid 5311] +++ killed by SIGBUS +++ [pid 5310] +++ killed by SIGBUS +++ [pid 5309] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5309, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./91", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./91/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./91/binderfs") = 0 [ 82.507380][ T5310] syz-executor183[5310]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.530120][ T5310] loop0: detected capacity change from 0 to 2048 [ 82.542074][ T5310] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./91/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./91/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./91/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./91/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./91") = 0 mkdir("./92", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5312 attached , child_tidptr=0x555556218690) = 5312 [pid 5312] set_robust_list(0x5555562186a0, 24) = 0 [pid 5312] chdir("./92") = 0 [pid 5312] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5312] setpgid(0, 0) = 0 [pid 5312] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5312] write(3, "1000", 4) = 4 [pid 5312] close(3) = 0 [pid 5312] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5312] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5312] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5312] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5313]}, 88) = 5313 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5312] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5313 attached [pid 5313] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5313] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5313] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5313] memfd_create("syzkaller", 0) = 3 [pid 5313] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5313] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5313] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5313] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5313] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5313] close(3) = 0 [pid 5313] mkdir("./file0", 0777) = 0 [pid 5313] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5313] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5313] chdir("./file0") = 0 [pid 5313] ioctl(4, LOOP_CLR_FD) = 0 [pid 5313] close(4) = 0 [pid 5313] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5313] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5312] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] <... open resumed>) = 4 [pid 5313] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5313] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5312] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] <... open resumed>) = 5 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5313] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5312] <... futex resumed>) = 0 [pid 5312] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5312] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5313] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5312] <... futex resumed>) = 0 [pid 5312] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5313] <... mmap resumed>) = 0x20000000 [pid 5312] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5312] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5313] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5312] <... mprotect resumed>) = 0 [pid 5312] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5312] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5313] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5314 attached [pid 5312] <... clone3 resumed> => {parent_tid=[5314]}, 88) = 5314 [pid 5314] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5312] rt_sigprocmask(SIG_SETMASK, [], [pid 5314] <... rseq resumed>) = 0 [pid 5312] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5314] set_robust_list(0x7f3dc0d559a0, 24 [pid 5312] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5314] <... set_robust_list resumed>) = 0 [pid 5312] <... futex resumed>) = 0 [pid 5314] rt_sigprocmask(SIG_SETMASK, [], [pid 5312] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5313] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5314] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5313] <... futex resumed>) = ? [pid 5312] <... futex resumed>) = ? [pid 5313] +++ killed by SIGBUS +++ [pid 5314] +++ killed by SIGBUS +++ [pid 5312] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5312, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./92", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./92/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./92/binderfs") = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./92/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./92/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./92/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./92/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./92") = 0 mkdir("./93", 0777) = 0 [ 82.640249][ T5313] syz-executor183[5313]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.662757][ T5313] loop0: detected capacity change from 0 to 2048 [ 82.674759][ T5313] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5315 ./strace-static-x86_64: Process 5315 attached [pid 5315] set_robust_list(0x5555562186a0, 24) = 0 [pid 5315] chdir("./93") = 0 [pid 5315] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5315] setpgid(0, 0) = 0 [pid 5315] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5315] write(3, "1000", 4) = 4 [pid 5315] close(3) = 0 [pid 5315] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5315] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5315] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5315] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5316 attached => {parent_tid=[5316]}, 88) = 5316 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5315] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5315] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5316] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5316] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5316] memfd_create("syzkaller", 0) = 3 [pid 5316] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5316] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5316] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5316] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5316] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5316] close(3) = 0 [pid 5316] mkdir("./file0", 0777) = 0 [ 82.740776][ T5316] syz-executor183[5316]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.770314][ T5316] loop0: detected capacity change from 0 to 2048 [ 82.782420][ T5316] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5316] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5316] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5316] chdir("./file0") = 0 [pid 5316] ioctl(4, LOOP_CLR_FD) = 0 [pid 5316] close(4) = 0 [pid 5316] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... futex resumed>) = 0 [pid 5316] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5316] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5316] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] <... futex resumed>) = 0 [pid 5315] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = 0 [pid 5315] <... futex resumed>) = 1 [pid 5316] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5315] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... open resumed>) = 5 [pid 5316] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5315] <... futex resumed>) = 0 [pid 5316] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5315] <... futex resumed>) = 0 [pid 5316] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5315] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5316] <... mmap resumed>) = 0x20000000 [pid 5315] <... futex resumed>) = 0 [pid 5316] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5315] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5316] <... futex resumed>) = 0 [pid 5316] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5315] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5315] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5315] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5315] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5317 attached [pid 5317] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5315] <... clone3 resumed> => {parent_tid=[5317]}, 88) = 5317 [pid 5317] <... rseq resumed>) = 0 [pid 5315] rt_sigprocmask(SIG_SETMASK, [], [pid 5317] set_robust_list(0x7f3dc0d559a0, 24 [pid 5315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5317] <... set_robust_list resumed>) = 0 [pid 5317] rt_sigprocmask(SIG_SETMASK, [], [pid 5315] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5315] <... futex resumed>) = 0 [pid 5317] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5315] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5316] <... futex resumed>) = ? [pid 5315] <... futex resumed>) = ? [pid 5317] +++ killed by SIGBUS +++ [pid 5316] +++ killed by SIGBUS +++ [pid 5315] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5315, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./93", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./93/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./93/binderfs") = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./93/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./93/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./93/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./93/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./93") = 0 mkdir("./94", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5318 attached , child_tidptr=0x555556218690) = 5318 [pid 5318] set_robust_list(0x5555562186a0, 24) = 0 [pid 5318] chdir("./94") = 0 [pid 5318] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5318] setpgid(0, 0) = 0 [pid 5318] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5318] write(3, "1000", 4) = 4 [pid 5318] close(3) = 0 [pid 5318] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5318] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5318] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5318] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5318] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5319]}, 88) = 5319 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5318] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5319 attached [pid 5319] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5319] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5319] memfd_create("syzkaller", 0) = 3 [pid 5319] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5319] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5319] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5319] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5319] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5319] close(3) = 0 [pid 5319] mkdir("./file0", 0777) = 0 [pid 5319] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5319] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5319] chdir("./file0") = 0 [pid 5319] ioctl(4, LOOP_CLR_FD) = 0 [pid 5319] close(4) = 0 [pid 5319] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5319] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5319] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5319] <... futex resumed>) = 0 [pid 5318] <... futex resumed>) = 1 [pid 5319] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5318] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5319] <... open resumed>) = 5 [pid 5319] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5318] <... futex resumed>) = 0 [pid 5318] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5318] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5318] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5319] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5318] <... mprotect resumed>) = 0 [pid 5319] <... mmap resumed>) = 0x20000000 [pid 5318] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5319] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5319] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5318] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5318] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5320 attached [pid 5320] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5318] <... clone3 resumed> => {parent_tid=[5320]}, 88) = 5320 [pid 5320] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5318] rt_sigprocmask(SIG_SETMASK, [], [pid 5320] rt_sigprocmask(SIG_SETMASK, [], [pid 5318] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5318] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5320] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5318] <... futex resumed>) = 0 [pid 5319] <... futex resumed>) = ? [pid 5320] +++ killed by SIGBUS +++ [pid 5319] +++ killed by SIGBUS +++ [pid 5318] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5318, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./94", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./94/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./94/binderfs") = 0 [ 82.869771][ T5319] syz-executor183[5319]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 82.892555][ T5319] loop0: detected capacity change from 0 to 2048 [ 82.904096][ T5319] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./94/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./94/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./94/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./94/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./94") = 0 mkdir("./95", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5321 attached , child_tidptr=0x555556218690) = 5321 [pid 5321] set_robust_list(0x5555562186a0, 24) = 0 [pid 5321] chdir("./95") = 0 [pid 5321] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5321] setpgid(0, 0) = 0 [pid 5321] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5321] write(3, "1000", 4) = 4 [pid 5321] close(3) = 0 [pid 5321] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5321] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5321] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5321] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5321] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5321] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5321] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5322]}, 88) = 5322 [pid 5321] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5321] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5322 attached [pid 5322] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5322] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5322] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5322] memfd_create("syzkaller", 0) = 3 [pid 5322] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5322] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5322] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5322] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5322] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5322] close(3) = 0 [pid 5322] mkdir("./file0", 0777) = 0 [ 82.978147][ T5322] syz-executor183[5322]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 83.018175][ T5322] loop0: detected capacity change from 0 to 2048 [pid 5322] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5322] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5322] chdir("./file0") = 0 [pid 5322] ioctl(4, LOOP_CLR_FD) = 0 [pid 5322] close(4) = 0 [pid 5322] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5321] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5322] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5322] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5321] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5322] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5321] <... futex resumed>) = 0 [pid 5321] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5322] <... futex resumed>) = 0 [pid 5321] <... futex resumed>) = 1 [pid 5322] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5321] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5321] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5322] <... futex resumed>) = 0 [pid 5322] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5322] +++ killed by SIGBUS +++ [pid 5321] <... futex resumed>) = ? [pid 5321] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5321, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./95", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./95/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./95/binderfs") = 0 [ 83.029612][ T5322] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./95/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./95/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./95/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./95/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./95") = 0 mkdir("./96", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5323 attached , child_tidptr=0x555556218690) = 5323 [pid 5323] set_robust_list(0x5555562186a0, 24) = 0 [pid 5323] chdir("./96") = 0 [pid 5323] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5323] setpgid(0, 0) = 0 [pid 5323] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5323] write(3, "1000", 4) = 4 [pid 5323] close(3) = 0 [pid 5323] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5323] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5323] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5323] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5324]}, 88) = 5324 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5323] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5324 attached [pid 5324] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5324] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5324] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5324] memfd_create("syzkaller", 0) = 3 [pid 5324] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5324] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5324] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5324] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5324] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5324] close(3) = 0 [pid 5324] mkdir("./file0", 0777) = 0 [pid 5324] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5324] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5324] chdir("./file0") = 0 [pid 5324] ioctl(4, LOOP_CLR_FD) = 0 [pid 5324] close(4) = 0 [pid 5324] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5323] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... open resumed>) = 4 [pid 5324] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5323] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5324] <... futex resumed>) = 0 [pid 5323] <... futex resumed>) = 1 [pid 5324] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5323] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5324] <... open resumed>) = 5 [pid 5324] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5323] <... futex resumed>) = 0 [pid 5324] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5323] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5324] <... mmap resumed>) = 0x20000000 [pid 5324] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5323] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5323] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5324] <... futex resumed>) = 0 [pid 5323] <... mprotect resumed>) = 0 [pid 5323] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5323] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5324] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5325 attached [pid 5325] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5323] <... clone3 resumed> => {parent_tid=[5325]}, 88) = 5325 [pid 5325] <... rseq resumed>) = 0 [pid 5323] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5323] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5323] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5325] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5325] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5324] <... futex resumed>) = ? [pid 5323] <... futex resumed>) = ? [pid 5325] +++ killed by SIGBUS +++ [pid 5324] +++ killed by SIGBUS +++ [pid 5323] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5323, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./96", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./96/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./96/binderfs") = 0 [ 83.141434][ T5324] loop0: detected capacity change from 0 to 2048 [ 83.153810][ T5324] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./96/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./96/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./96/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./96/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./96") = 0 mkdir("./97", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5326 attached , child_tidptr=0x555556218690) = 5326 [pid 5326] set_robust_list(0x5555562186a0, 24) = 0 [pid 5326] chdir("./97") = 0 [pid 5326] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5326] setpgid(0, 0) = 0 [pid 5326] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5326] write(3, "1000", 4) = 4 [pid 5326] close(3) = 0 [pid 5326] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5326] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5326] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5326] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5326] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5327 attached [pid 5327] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5326] <... clone3 resumed> => {parent_tid=[5327]}, 88) = 5327 [pid 5327] <... rseq resumed>) = 0 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], [pid 5327] set_robust_list(0x7f3dc90769a0, 24 [pid 5326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5327] <... set_robust_list resumed>) = 0 [pid 5326] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5326] <... futex resumed>) = 0 [pid 5327] memfd_create("syzkaller", 0 [pid 5326] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5327] <... memfd_create resumed>) = 3 [pid 5327] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5327] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5327] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5327] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5327] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5327] close(3) = 0 [pid 5327] mkdir("./file0", 0777) = 0 [pid 5327] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5327] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5327] chdir("./file0") = 0 [pid 5327] ioctl(4, LOOP_CLR_FD) = 0 [pid 5327] close(4) = 0 [pid 5327] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] <... futex resumed>) = 0 [pid 5326] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5327] <... futex resumed>) = 0 [pid 5327] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5326] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] <... open resumed>) = 4 [pid 5327] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5326] <... futex resumed>) = 0 [pid 5327] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5326] <... futex resumed>) = 1 [pid 5327] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5326] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5327] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5327] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5326] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... futex resumed>) = 0 [pid 5326] <... futex resumed>) = 1 [pid 5327] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5326] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5327] <... mmap resumed>) = 0x20000000 [pid 5326] <... futex resumed>) = 0 [pid 5326] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5327] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5326] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5327] <... futex resumed>) = 0 [pid 5327] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5326] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5326] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5326] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5328]}, 88) = 5328 [pid 5326] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5326] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5326] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5328 attached [pid 5328] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5328] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5328] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5327] <... futex resumed>) = ? [pid 5326] <... futex resumed>) = ? [pid 5328] +++ killed by SIGBUS +++ [pid 5327] +++ killed by SIGBUS +++ [pid 5326] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5326, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./97", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./97/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./97/binderfs") = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./97/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 83.262973][ T5327] loop0: detected capacity change from 0 to 2048 [ 83.274663][ T5327] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./97/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./97/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./97/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./97") = 0 mkdir("./98", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5329 ./strace-static-x86_64: Process 5329 attached [pid 5329] set_robust_list(0x5555562186a0, 24) = 0 [pid 5329] chdir("./98") = 0 [pid 5329] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5329] setpgid(0, 0) = 0 [pid 5329] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5329] write(3, "1000", 4) = 4 [pid 5329] close(3) = 0 [pid 5329] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5329] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5329] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5329] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5330]}, 88) = 5330 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5330 attached NULL, 8) = 0 [pid 5330] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5329] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... rseq resumed>) = 0 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5330] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5330] memfd_create("syzkaller", 0) = 3 [pid 5330] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5330] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5330] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5330] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5330] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5330] close(3) = 0 [pid 5330] mkdir("./file0", 0777) = 0 [pid 5330] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5330] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5330] chdir("./file0") = 0 [pid 5330] ioctl(4, LOOP_CLR_FD) = 0 [pid 5330] close(4) = 0 [pid 5330] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] <... futex resumed>) = 0 [pid 5330] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5329] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 4 [pid 5330] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5329] <... futex resumed>) = 0 [pid 5329] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... open resumed>) = 5 [pid 5330] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5329] <... futex resumed>) = 0 [pid 5330] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5330] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] <... futex resumed>) = 0 [pid 5330] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5329] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5329] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5329] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5330] <... mmap resumed>) = 0x20000000 [pid 5329] <... mprotect resumed>) = 0 [pid 5329] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5330] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5329] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5330] <... futex resumed>) = 0 [pid 5329] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5330] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5331 attached [pid 5331] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5329] <... clone3 resumed> => {parent_tid=[5331]}, 88) = 5331 [pid 5331] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5329] rt_sigprocmask(SIG_SETMASK, [], [pid 5331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5329] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5331] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5329] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5331] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5329] <... futex resumed>) = 0 [pid 5331] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5329] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5330] <... futex resumed>) = ? [pid 5329] <... futex resumed>) = ? [pid 5331] +++ killed by SIGBUS +++ [pid 5330] +++ killed by SIGBUS +++ [pid 5329] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5329, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./98", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./98/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./98/binderfs") = 0 [ 83.384464][ T5330] loop0: detected capacity change from 0 to 2048 [ 83.395637][ T5330] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./98/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./98/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./98/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./98/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./98") = 0 mkdir("./99", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5332 ./strace-static-x86_64: Process 5332 attached [pid 5332] set_robust_list(0x5555562186a0, 24) = 0 [pid 5332] chdir("./99") = 0 [pid 5332] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5332] setpgid(0, 0) = 0 [pid 5332] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5332] write(3, "1000", 4) = 4 [pid 5332] close(3) = 0 [pid 5332] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5332] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5332] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5332] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5333 attached => {parent_tid=[5333]}, 88) = 5333 [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5333] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5333] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5333] memfd_create("syzkaller", 0) = 3 [pid 5333] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5333] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5333] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5333] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5333] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5333] close(3) = 0 [pid 5333] mkdir("./file0", 0777) = 0 [pid 5333] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5333] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5333] chdir("./file0") = 0 [pid 5333] ioctl(4, LOOP_CLR_FD) = 0 [pid 5333] close(4) = 0 [pid 5333] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5332] <... futex resumed>) = 0 [pid 5333] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5332] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... open resumed>) = 4 [pid 5333] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = 1 [pid 5333] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5333] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5332] <... futex resumed>) = 0 [pid 5332] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5332] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5332] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5332] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5334]}, 88) = 5334 ./strace-static-x86_64: Process 5334 attached [pid 5332] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5332] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5332] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5333] <... futex resumed>) = 1 [pid 5333] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5334] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5334] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5333] <... mmap resumed>) = 0x20000000 [pid 5334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5334] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5333] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = ? [pid 5332] <... futex resumed>) = ? [pid 5333] +++ killed by SIGBUS +++ [pid 5334] +++ killed by SIGBUS +++ [pid 5332] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5332, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./99", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./99/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./99/binderfs") = 0 [ 83.494975][ T5333] loop0: detected capacity change from 0 to 2048 [ 83.507565][ T5333] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./99/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./99/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./99/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./99/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./99") = 0 mkdir("./100", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5335 attached , child_tidptr=0x555556218690) = 5335 [pid 5335] set_robust_list(0x5555562186a0, 24) = 0 [pid 5335] chdir("./100") = 0 [pid 5335] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5335] setpgid(0, 0) = 0 [pid 5335] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5335] write(3, "1000", 4) = 4 [pid 5335] close(3) = 0 [pid 5335] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5335] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5335] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5335] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5336 attached [pid 5336] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5336] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5336] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5336] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] <... clone3 resumed> => {parent_tid=[5336]}, 88) = 5336 [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5335] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 0 [pid 5335] <... futex resumed>) = 1 [pid 5336] memfd_create("syzkaller", 0 [pid 5335] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5336] <... memfd_create resumed>) = 3 [pid 5336] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5336] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5336] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5336] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5336] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5336] close(3) = 0 [pid 5336] mkdir("./file0", 0777) = 0 [pid 5336] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5336] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5336] chdir("./file0") = 0 [pid 5336] ioctl(4, LOOP_CLR_FD) = 0 [pid 5336] close(4) = 0 [pid 5336] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] <... futex resumed>) = 0 [pid 5336] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5335] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] <... open resumed>) = 4 [pid 5336] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5335] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5335] <... futex resumed>) = 0 [pid 5336] <... open resumed>) = 5 [pid 5335] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5336] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... futex resumed>) = 0 [pid 5335] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5336] <... futex resumed>) = 1 [pid 5335] <... futex resumed>) = 0 [pid 5336] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5335] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5336] <... mmap resumed>) = 0x20000000 [pid 5335] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5335] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5336] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5335] <... mprotect resumed>) = 0 [pid 5336] <... futex resumed>) = 0 [pid 5336] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5335] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5335] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5337]}, 88) = 5337 ./strace-static-x86_64: Process 5337 attached [pid 5335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5335] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5335] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5337] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5337] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5337] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5336] <... futex resumed>) = ? [pid 5336] +++ killed by SIGBUS +++ [pid 5335] <... futex resumed>) = ? [pid 5337] +++ killed by SIGBUS +++ [pid 5335] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5335, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./100", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./100/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./100/binderfs") = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./100/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./100/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./100/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./100/file0") = 0 [ 83.605505][ T5336] loop0: detected capacity change from 0 to 2048 [ 83.618349][ T5336] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./100") = 0 mkdir("./101", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5338 attached , child_tidptr=0x555556218690) = 5338 [pid 5338] set_robust_list(0x5555562186a0, 24) = 0 [pid 5338] chdir("./101") = 0 [pid 5338] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5338] setpgid(0, 0) = 0 [pid 5338] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5338] write(3, "1000", 4) = 4 [pid 5338] close(3) = 0 [pid 5338] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5338] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5338] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5338] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5339]}, 88) = 5339 [pid 5338] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5338] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5339 attached [pid 5339] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5339] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5339] memfd_create("syzkaller", 0) = 3 [pid 5339] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5339] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5339] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5339] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5339] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5339] close(3) = 0 [pid 5339] mkdir("./file0", 0777) = 0 [pid 5339] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5339] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5339] chdir("./file0") = 0 [pid 5339] ioctl(4, LOOP_CLR_FD) = 0 [pid 5339] close(4) = 0 [pid 5339] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5339] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = 1 [pid 5339] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5338] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5338] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] <... futex resumed>) = 0 [pid 5338] <... futex resumed>) = 1 [pid 5339] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5338] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5339] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5339] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5338] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5338] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5339] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5339] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5338] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5338] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5338] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5340]}, 88) = 5340 ./strace-static-x86_64: Process 5340 attached [pid 5338] rt_sigprocmask(SIG_SETMASK, [], [pid 5340] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5340] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5338] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5340] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5338] <... futex resumed>) = 0 [pid 5338] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5340] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5339] <... futex resumed>) = ? [pid 5338] <... futex resumed>) = ? [pid 5340] +++ killed by SIGBUS +++ [pid 5339] +++ killed by SIGBUS +++ [pid 5338] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5338, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./101", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./101/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./101/binderfs") = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./101/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./101/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./101/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./101/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./101") = 0 mkdir("./102", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 83.718879][ T5339] loop0: detected capacity change from 0 to 2048 [ 83.730547][ T5339] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5341 ./strace-static-x86_64: Process 5341 attached [pid 5341] set_robust_list(0x5555562186a0, 24) = 0 [pid 5341] chdir("./102") = 0 [pid 5341] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5341] setpgid(0, 0) = 0 [pid 5341] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5341] write(3, "1000", 4) = 4 [pid 5341] close(3) = 0 [pid 5341] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5341] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5341] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5341] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5341] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5341] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5342]}, 88) = 5342 [pid 5341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5341] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5342 attached [pid 5342] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5342] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5342] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5342] memfd_create("syzkaller", 0) = 3 [pid 5342] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5342] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5342] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5342] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5342] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5342] close(3) = 0 [pid 5342] mkdir("./file0", 0777) = 0 [pid 5342] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5342] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5342] chdir("./file0") = 0 [pid 5342] ioctl(4, LOOP_CLR_FD) = 0 [pid 5342] close(4) = 0 [pid 5342] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] <... futex resumed>) = 0 [pid 5342] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5342] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5342] <... futex resumed>) = 0 [pid 5342] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5341] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5342] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5341] <... futex resumed>) = 0 [pid 5341] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5341] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5342] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< {parent_tid=[5343]}, 88) = 5343 ./strace-static-x86_64: Process 5343 attached [pid 5341] rt_sigprocmask(SIG_SETMASK, [], [pid 5343] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5342] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5342] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5341] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5341] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5343] <... rseq resumed>) = 0 [pid 5343] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5343] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5342] <... futex resumed>) = ? [pid 5341] <... futex resumed>) = ? [pid 5343] +++ killed by SIGBUS +++ [ 83.866139][ T5342] loop0: detected capacity change from 0 to 2048 [ 83.879528][ T5342] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5342] +++ killed by SIGBUS +++ [pid 5341] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5341, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./102", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./102/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./102/binderfs") = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./102/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./102/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./102/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./102/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./102") = 0 mkdir("./103", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5344 attached [pid 5344] set_robust_list(0x5555562186a0, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5344 [pid 5344] <... set_robust_list resumed>) = 0 [pid 5344] chdir("./103") = 0 [pid 5344] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5344] setpgid(0, 0) = 0 [pid 5344] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5344] write(3, "1000", 4) = 4 [pid 5344] close(3) = 0 [pid 5344] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5344] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5344] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5345 attached [pid 5345] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5344] <... clone3 resumed> => {parent_tid=[5345]}, 88) = 5345 [pid 5345] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] rt_sigprocmask(SIG_SETMASK, [], [pid 5345] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5344] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5345] memfd_create("syzkaller", 0 [pid 5344] <... futex resumed>) = 1 [pid 5344] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5345] <... memfd_create resumed>) = 3 [pid 5345] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5345] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5345] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5345] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5345] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5345] close(3) = 0 [pid 5345] mkdir("./file0", 0777) = 0 [pid 5345] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5345] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5345] chdir("./file0") = 0 [pid 5345] ioctl(4, LOOP_CLR_FD) = 0 [pid 5345] close(4) = 0 [pid 5345] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5345] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5344] <... futex resumed>) = 0 [pid 5345] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5344] <... futex resumed>) = 0 [pid 5345] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5344] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5345] <... open resumed>) = 5 [pid 5345] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5345] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... futex resumed>) = 0 [pid 5344] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5345] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5345] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5344] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5344] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5345] <... mmap resumed>) = 0x20000000 [pid 5345] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5345] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5344] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5344] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5344] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5346 attached [pid 5346] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5346] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5346] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] <... clone3 resumed> => {parent_tid=[5346]}, 88) = 5346 [pid 5346] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5344] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5344] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5346] <... futex resumed>) = 0 [pid 5344] <... futex resumed>) = 1 [pid 5346] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5344] ???( [pid 5345] <... futex resumed>) = ? [pid 5344] <... ??? resumed>) = ? [pid 5345] +++ killed by SIGBUS +++ [pid 5346] +++ killed by SIGBUS +++ [pid 5344] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5344, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./103", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./103/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./103/binderfs") = 0 [ 84.009659][ T5345] loop0: detected capacity change from 0 to 2048 [ 84.021622][ T5345] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./103/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./103/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./103/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./103/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./103") = 0 mkdir("./104", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5347 attached [pid 5347] set_robust_list(0x5555562186a0, 24) = 0 [pid 5347] chdir("./104") = 0 [pid 5347] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5347] setpgid(0, 0) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5347 [pid 5347] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5347] write(3, "1000", 4) = 4 [pid 5347] close(3) = 0 [pid 5347] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5347] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5347] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5347] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5348]}, 88) = 5348 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5347] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5347] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5348 attached [pid 5348] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5348] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5348] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5348] memfd_create("syzkaller", 0) = 3 [pid 5348] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5348] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5348] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5348] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5348] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5348] close(3) = 0 [pid 5348] mkdir("./file0", 0777) = 0 [pid 5348] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5348] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5348] chdir("./file0") = 0 [pid 5348] ioctl(4, LOOP_CLR_FD) = 0 [pid 5348] close(4) = 0 [pid 5348] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5348] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... futex resumed>) = 0 [pid 5347] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5348] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5348] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] <... futex resumed>) = 1 [pid 5347] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = 0 [pid 5347] <... futex resumed>) = 1 [pid 5347] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5348] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5348] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5347] <... futex resumed>) = 0 [pid 5348] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5347] <... futex resumed>) = 0 [pid 5348] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5347] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5348] <... mmap resumed>) = 0x20000000 [pid 5347] <... futex resumed>) = 0 [pid 5347] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5347] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5348] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5348] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5347] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5347] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5349 attached => {parent_tid=[5349]}, 88) = 5349 [pid 5349] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5347] rt_sigprocmask(SIG_SETMASK, [], [pid 5349] set_robust_list(0x7f3dc0d559a0, 24 [pid 5347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5349] <... set_robust_list resumed>) = 0 [pid 5347] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5349] rt_sigprocmask(SIG_SETMASK, [], [pid 5347] <... futex resumed>) = 0 [pid 5349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5347] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5349] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5347] <... futex resumed>) = ? [pid 5349] +++ killed by SIGBUS +++ [pid 5348] <... futex resumed>) = ? [pid 5348] +++ killed by SIGBUS +++ [pid 5347] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5347, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./104", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./104/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./104/binderfs") = 0 [ 84.133140][ T5348] loop0: detected capacity change from 0 to 2048 [ 84.145502][ T5348] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./104/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./104/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./104/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./104/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./104") = 0 mkdir("./105", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5350 ./strace-static-x86_64: Process 5350 attached [pid 5350] set_robust_list(0x5555562186a0, 24) = 0 [pid 5350] chdir("./105") = 0 [pid 5350] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5350] setpgid(0, 0) = 0 [pid 5350] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5350] write(3, "1000", 4) = 4 [pid 5350] close(3) = 0 [pid 5350] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5350] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5350] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5350] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5351 attached => {parent_tid=[5351]}, 88) = 5351 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5351] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5351] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5351] memfd_create("syzkaller", 0) = 3 [pid 5351] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5351] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5351] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5351] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5351] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5351] close(3) = 0 [pid 5351] mkdir("./file0", 0777) = 0 [pid 5351] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5351] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5351] chdir("./file0") = 0 [pid 5351] ioctl(4, LOOP_CLR_FD) = 0 [pid 5351] close(4) = 0 [pid 5351] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5350] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... open resumed>) = 4 [pid 5351] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5351] <... futex resumed>) = 1 [pid 5351] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5351] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5350] <... futex resumed>) = 0 [pid 5351] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5350] <... futex resumed>) = 0 [pid 5351] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5350] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5351] <... mmap resumed>) = 0x20000000 [pid 5350] <... futex resumed>) = 0 [pid 5350] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5351] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5351] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5350] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5350] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5350] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5352]}, 88) = 5352 [pid 5350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5350] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5350] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5352 attached [pid 5352] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5352] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5352] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5351] <... futex resumed>) = ? [pid 5352] +++ killed by SIGBUS +++ [pid 5351] +++ killed by SIGBUS +++ [pid 5350] <... futex resumed>) = ? [pid 5350] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5350, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./105", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./105/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./105/binderfs") = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./105/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 84.239571][ T5351] loop0: detected capacity change from 0 to 2048 [ 84.250920][ T5351] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./105/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./105/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./105/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./105") = 0 mkdir("./106", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5353 ./strace-static-x86_64: Process 5353 attached [pid 5353] set_robust_list(0x5555562186a0, 24) = 0 [pid 5353] chdir("./106") = 0 [pid 5353] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5353] setpgid(0, 0) = 0 [pid 5353] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5353] write(3, "1000", 4) = 4 [pid 5353] close(3) = 0 [pid 5353] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5353] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5353] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5353] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5354 attached => {parent_tid=[5354]}, 88) = 5354 [pid 5354] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], [pid 5354] set_robust_list(0x7f3dc90769a0, 24 [pid 5353] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5354] <... set_robust_list resumed>) = 0 [pid 5353] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5353] <... futex resumed>) = 0 [pid 5354] memfd_create("syzkaller", 0 [pid 5353] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5354] <... memfd_create resumed>) = 3 [pid 5354] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5354] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5354] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5354] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5354] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5354] close(3) = 0 [pid 5354] mkdir("./file0", 0777) = 0 [pid 5354] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5354] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5354] chdir("./file0") = 0 [pid 5354] ioctl(4, LOOP_CLR_FD) = 0 [pid 5354] close(4) = 0 [pid 5354] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5353] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] <... open resumed>) = 4 [pid 5354] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5353] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5353] <... futex resumed>) = 0 [pid 5354] <... open resumed>) = 5 [pid 5353] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5354] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5353] <... futex resumed>) = 0 [pid 5354] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5354] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5353] <... futex resumed>) = 0 [pid 5354] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5353] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5354] <... mmap resumed>) = 0x20000000 [pid 5353] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5354] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5353] <... mprotect resumed>) = 0 [pid 5354] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5353] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5353] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5355 attached => {parent_tid=[5355]}, 88) = 5355 [pid 5355] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5355] <... rseq resumed>) = 0 [pid 5353] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5355] set_robust_list(0x7f3dc0d559a0, 24 [pid 5353] <... futex resumed>) = 0 [pid 5355] <... set_robust_list resumed>) = 0 [pid 5353] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5355] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5354] <... futex resumed>) = ? [pid 5353] <... futex resumed>) = ? [pid 5355] +++ killed by SIGBUS +++ [pid 5354] +++ killed by SIGBUS +++ [pid 5353] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5353, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./106", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./106/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./106/binderfs") = 0 [ 84.356906][ T5354] loop0: detected capacity change from 0 to 2048 [ 84.370519][ T5354] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./106/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./106/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./106/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./106/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./106") = 0 mkdir("./107", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5356 attached , child_tidptr=0x555556218690) = 5356 [pid 5356] set_robust_list(0x5555562186a0, 24) = 0 [pid 5356] chdir("./107") = 0 [pid 5356] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5356] setpgid(0, 0) = 0 [pid 5356] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5356] write(3, "1000", 4) = 4 [pid 5356] close(3) = 0 [pid 5356] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5356] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5356] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5356] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5356] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5357]}, 88) = 5357 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5356] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5356] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5357 attached [pid 5357] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5357] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5357] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5357] memfd_create("syzkaller", 0) = 3 [pid 5357] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5357] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5357] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5357] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5357] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5357] close(3) = 0 [pid 5357] mkdir("./file0", 0777) = 0 [pid 5357] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5357] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5357] chdir("./file0") = 0 [pid 5357] ioctl(4, LOOP_CLR_FD) = 0 [pid 5357] close(4) = 0 [pid 5357] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5356] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... open resumed>) = 4 [pid 5357] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5356] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5357] <... open resumed>) = 5 [pid 5357] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5356] <... futex resumed>) = 0 [pid 5357] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5356] <... futex resumed>) = 0 [pid 5357] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5356] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5357] <... mmap resumed>) = 0x20000000 [pid 5356] <... futex resumed>) = 0 [pid 5356] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5356] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5357] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5356] <... mprotect resumed>) = 0 [pid 5357] <... futex resumed>) = 0 [pid 5356] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5357] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5356] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5356] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5358 attached [pid 5358] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5356] <... clone3 resumed> => {parent_tid=[5358]}, 88) = 5358 [pid 5358] <... rseq resumed>) = 0 [pid 5356] rt_sigprocmask(SIG_SETMASK, [], [pid 5358] set_robust_list(0x7f3dc0d559a0, 24 [pid 5356] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] <... set_robust_list resumed>) = 0 [pid 5356] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5358] rt_sigprocmask(SIG_SETMASK, [], [pid 5356] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5358] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5356] <... futex resumed>) = ? [pid 5357] <... futex resumed>) = ? [pid 5358] +++ killed by SIGBUS +++ [pid 5357] +++ killed by SIGBUS +++ [pid 5356] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5356, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./107", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./107/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./107/binderfs") = 0 [ 84.469616][ T5357] loop0: detected capacity change from 0 to 2048 [ 84.481271][ T5357] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./107/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./107/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./107/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./107/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./107") = 0 mkdir("./108", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5359 attached , child_tidptr=0x555556218690) = 5359 [pid 5359] set_robust_list(0x5555562186a0, 24) = 0 [pid 5359] chdir("./108") = 0 [pid 5359] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5359] setpgid(0, 0) = 0 [pid 5359] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5359] write(3, "1000", 4) = 4 [pid 5359] close(3) = 0 [pid 5359] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5359] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5359] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5359] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5360]}, 88) = 5360 ./strace-static-x86_64: Process 5360 attached [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5360] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5360] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5360] memfd_create("syzkaller", 0) = 3 [pid 5360] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5360] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5360] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5360] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5360] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5360] close(3) = 0 [pid 5360] mkdir("./file0", 0777) = 0 [pid 5360] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5360] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5360] chdir("./file0") = 0 [pid 5360] ioctl(4, LOOP_CLR_FD) = 0 [pid 5360] close(4) = 0 [pid 5360] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5360] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 0 [pid 5360] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5359] <... futex resumed>) = 1 [pid 5359] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] <... open resumed>) = 4 [pid 5360] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5359] <... futex resumed>) = 0 [pid 5360] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5359] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5359] <... futex resumed>) = 0 [pid 5360] <... open resumed>) = 5 [pid 5359] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5360] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... futex resumed>) = 0 [pid 5359] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5360] <... futex resumed>) = 1 [pid 5360] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5359] <... futex resumed>) = 0 [pid 5360] <... mmap resumed>) = 0x20000000 [pid 5359] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5359] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5360] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5359] <... mprotect resumed>) = 0 [pid 5360] <... futex resumed>) = 0 [pid 5360] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5359] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5359] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5361]}, 88) = 5361 [pid 5359] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5359] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5359] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5361 attached [pid 5361] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5361] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5361] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5361] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5359] <... futex resumed>) = ? [pid 5361] +++ killed by SIGBUS +++ [pid 5360] <... futex resumed>) = ? [pid 5360] +++ killed by SIGBUS +++ [pid 5359] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5359, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./108", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./108/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./108/binderfs") = 0 [ 84.600863][ T5360] loop0: detected capacity change from 0 to 2048 [ 84.612681][ T5360] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./108/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./108/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./108/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./108/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./108") = 0 mkdir("./109", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5362 ./strace-static-x86_64: Process 5362 attached [pid 5362] set_robust_list(0x5555562186a0, 24) = 0 [pid 5362] chdir("./109") = 0 [pid 5362] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5362] setpgid(0, 0) = 0 [pid 5362] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5362] write(3, "1000", 4) = 4 [pid 5362] close(3) = 0 [pid 5362] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5362] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5362] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5362] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5363 attached [pid 5363] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5362] <... clone3 resumed> => {parent_tid=[5363]}, 88) = 5363 [pid 5363] <... rseq resumed>) = 0 [pid 5363] set_robust_list(0x7f3dc90769a0, 24 [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5363] <... set_robust_list resumed>) = 0 [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5363] rt_sigprocmask(SIG_SETMASK, [], [pid 5362] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] <... futex resumed>) = 0 [pid 5363] memfd_create("syzkaller", 0 [pid 5362] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5363] <... memfd_create resumed>) = 3 [pid 5363] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5363] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5363] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5363] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5363] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5363] close(3) = 0 [pid 5363] mkdir("./file0", 0777) = 0 [pid 5363] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5363] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5363] chdir("./file0") = 0 [pid 5363] ioctl(4, LOOP_CLR_FD) = 0 [pid 5363] close(4) = 0 [pid 5363] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] <... futex resumed>) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5362] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] <... open resumed>) = 4 [pid 5363] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5362] <... futex resumed>) = 0 [pid 5363] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5362] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5363] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5362] <... futex resumed>) = 0 [pid 5363] <... open resumed>) = 5 [pid 5362] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5363] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5362] <... futex resumed>) = 0 [pid 5362] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] <... futex resumed>) = 1 [pid 5362] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5363] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0x7f3dc0d35000 [pid 5362] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5362] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5363] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5363] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5362] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5364 attached => {parent_tid=[5364]}, 88) = 5364 [pid 5364] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5364] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5364] rt_sigprocmask(SIG_SETMASK, [], [pid 5362] rt_sigprocmask(SIG_SETMASK, [], [pid 5364] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5364] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5362] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5362] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5362] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5364] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5364] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5363] <... futex resumed>) = ? [pid 5362] <... futex resumed>) = ? [pid 5364] +++ killed by SIGBUS +++ [pid 5363] +++ killed by SIGBUS +++ [pid 5362] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5362, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./109", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./109/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./109/binderfs") = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 84.710165][ T5363] loop0: detected capacity change from 0 to 2048 [ 84.721266][ T5363] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./109/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./109/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./109/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./109/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./109") = 0 mkdir("./110", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5365 ./strace-static-x86_64: Process 5365 attached [pid 5365] set_robust_list(0x5555562186a0, 24) = 0 [pid 5365] chdir("./110") = 0 [pid 5365] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5365] setpgid(0, 0) = 0 [pid 5365] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5365] write(3, "1000", 4) = 4 [pid 5365] close(3) = 0 [pid 5365] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5365] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5365] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5365] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5366 attached => {parent_tid=[5366]}, 88) = 5366 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5365] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5366] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5366] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5366] memfd_create("syzkaller", 0) = 3 [pid 5366] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5366] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5366] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5366] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5366] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5366] close(3) = 0 [pid 5366] mkdir("./file0", 0777) = 0 [pid 5366] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5366] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5366] chdir("./file0") = 0 [pid 5366] ioctl(4, LOOP_CLR_FD) = 0 [pid 5366] close(4) = 0 [pid 5366] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5366] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5366] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5365] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... open resumed>) = 4 [pid 5366] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5365] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5366] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5365] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5366] <... open resumed>) = 5 [pid 5366] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5365] <... futex resumed>) = 0 [pid 5366] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5365] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5366] <... mmap resumed>) = 0x20000000 [pid 5366] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5365] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5366] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5365] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5365] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5367 attached [pid 5367] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5367] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5367] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5367] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5365] <... clone3 resumed> => {parent_tid=[5367]}, 88) = 5367 [pid 5365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5365] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5367] <... futex resumed>) = 0 [pid 5365] <... futex resumed>) = 1 [pid 5365] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5367] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5366] <... futex resumed>) = ? [pid 5365] <... futex resumed>) = ? [pid 5367] +++ killed by SIGBUS +++ [pid 5366] +++ killed by SIGBUS +++ [pid 5365] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5365, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./110", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./110/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./110/binderfs") = 0 [ 84.821257][ T5366] loop0: detected capacity change from 0 to 2048 [ 84.832368][ T5366] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./110/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./110/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./110/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./110/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./110") = 0 mkdir("./111", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5368 ./strace-static-x86_64: Process 5368 attached [pid 5368] set_robust_list(0x5555562186a0, 24) = 0 [pid 5368] chdir("./111") = 0 [pid 5368] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5368] setpgid(0, 0) = 0 [pid 5368] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5368] write(3, "1000", 4) = 4 [pid 5368] close(3) = 0 [pid 5368] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5368] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5368] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5368] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5369 attached => {parent_tid=[5369]}, 88) = 5369 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5368] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5368] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5369] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5369] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5369] memfd_create("syzkaller", 0) = 3 [pid 5369] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5369] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5369] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5369] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5369] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5369] close(3) = 0 [pid 5369] mkdir("./file0", 0777) = 0 [pid 5369] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5369] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5369] chdir("./file0") = 0 [pid 5369] ioctl(4, LOOP_CLR_FD) = 0 [pid 5369] close(4) = 0 [pid 5369] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5369] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5368] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... open resumed>) = 4 [pid 5369] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5369] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5369] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5368] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5369] <... open resumed>) = 5 [pid 5369] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5368] <... futex resumed>) = 0 [pid 5369] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5368] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5369] <... mmap resumed>) = 0x20000000 [pid 5368] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5368] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5369] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5368] <... mprotect resumed>) = 0 [pid 5369] <... futex resumed>) = 0 [pid 5368] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5369] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5368] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5370 attached => {parent_tid=[5370]}, 88) = 5370 [pid 5370] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5370] set_robust_list(0x7f3dc0d559a0, 24 [pid 5368] rt_sigprocmask(SIG_SETMASK, [], [pid 5370] <... set_robust_list resumed>) = 0 [pid 5370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5370] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5368] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5368] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5370] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5368] <... futex resumed>) = 0 [pid 5368] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5370] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5368] <... futex resumed>) = ? [pid 5369] <... futex resumed>) = ? [pid 5370] +++ killed by SIGBUS +++ [pid 5369] +++ killed by SIGBUS +++ [pid 5368] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5368, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./111", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./111/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 84.950845][ T5369] loop0: detected capacity change from 0 to 2048 [ 84.962423][ T5369] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./111/binderfs") = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./111/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./111/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./111/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./111/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./111") = 0 mkdir("./112", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5371 attached , child_tidptr=0x555556218690) = 5371 [pid 5371] set_robust_list(0x5555562186a0, 24) = 0 [pid 5371] chdir("./112") = 0 [pid 5371] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5371] setpgid(0, 0) = 0 [pid 5371] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5371] write(3, "1000", 4) = 4 [pid 5371] close(3) = 0 [pid 5371] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5371] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5371] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5371] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5372 attached => {parent_tid=[5372]}, 88) = 5372 [pid 5371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5371] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5372] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5372] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5372] memfd_create("syzkaller", 0) = 3 [pid 5372] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5372] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5372] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5372] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5372] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5372] close(3) = 0 [pid 5372] mkdir("./file0", 0777) = 0 [pid 5372] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5372] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5372] chdir("./file0") = 0 [pid 5372] ioctl(4, LOOP_CLR_FD) = 0 [pid 5372] close(4) = 0 [pid 5372] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5372] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5371] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5372] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5371] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... open resumed>) = 5 [pid 5372] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5371] <... futex resumed>) = 0 [pid 5372] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5372] <... futex resumed>) = 0 [pid 5371] <... futex resumed>) = 1 [pid 5372] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5371] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5371] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5372] <... mmap resumed>) = 0x20000000 [pid 5372] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5371] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5372] <... futex resumed>) = 0 [pid 5372] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] <... mprotect resumed>) = 0 [pid 5371] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5371] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5373 attached [pid 5373] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5373] set_robust_list(0x7f3dc0d559a0, 24 [pid 5371] <... clone3 resumed> => {parent_tid=[5373]}, 88) = 5373 [pid 5373] <... set_robust_list resumed>) = 0 [pid 5373] rt_sigprocmask(SIG_SETMASK, [], [pid 5371] rt_sigprocmask(SIG_SETMASK, [], [pid 5373] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5371] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5373] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5371] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5373] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5371] <... futex resumed>) = 0 [pid 5373] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5371] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5372] <... futex resumed>) = ? [pid 5371] <... futex resumed>) = ? [pid 5372] +++ killed by SIGBUS +++ [pid 5373] +++ killed by SIGBUS +++ [pid 5371] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5371, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./112", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./112/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./112/binderfs") = 0 [ 85.079044][ T5372] loop0: detected capacity change from 0 to 2048 [ 85.090941][ T5372] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./112/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./112/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./112/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./112/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./112") = 0 mkdir("./113", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5374 attached , child_tidptr=0x555556218690) = 5374 [pid 5374] set_robust_list(0x5555562186a0, 24) = 0 [pid 5374] chdir("./113") = 0 [pid 5374] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5374] setpgid(0, 0) = 0 [pid 5374] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5374] write(3, "1000", 4) = 4 [pid 5374] close(3) = 0 [pid 5374] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5374] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5374] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5374] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5375 attached => {parent_tid=[5375]}, 88) = 5375 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5375] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5375] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5375] memfd_create("syzkaller", 0) = 3 [pid 5375] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5375] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5375] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5375] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5375] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5375] close(3) = 0 [pid 5375] mkdir("./file0", 0777) = 0 [pid 5375] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5375] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5375] chdir("./file0") = 0 [pid 5375] ioctl(4, LOOP_CLR_FD) = 0 [pid 5375] close(4) = 0 [pid 5375] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5375] <... futex resumed>) = 1 [pid 5375] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5375] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5375] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... futex resumed>) = 0 [pid 5374] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5375] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5375] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5375] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] <... futex resumed>) = 1 [pid 5374] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5374] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5375] <... futex resumed>) = 0 [pid 5375] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5374] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5375] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5374] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5375] <... futex resumed>) = 0 [pid 5375] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5374] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5374] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5374] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5376]}, 88) = 5376 [pid 5374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5374] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5374] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5376 attached [pid 5376] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5376] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5376] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5375] <... futex resumed>) = ? [pid 5374] <... futex resumed>) = ? [pid 5376] +++ killed by SIGBUS +++ [pid 5375] +++ killed by SIGBUS +++ [pid 5374] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5374, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./113", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./113/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./113/binderfs") = 0 [ 85.195803][ T5375] loop0: detected capacity change from 0 to 2048 [ 85.208369][ T5375] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./113/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./113/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./113/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./113/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./113") = 0 mkdir("./114", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5377 attached [pid 5377] set_robust_list(0x5555562186a0, 24) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5377 [pid 5377] chdir("./114") = 0 [pid 5377] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5377] setpgid(0, 0) = 0 [pid 5377] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5377] write(3, "1000", 4) = 4 [pid 5377] close(3) = 0 [pid 5377] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5377] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5377] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5377] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5377] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5378 attached [pid 5378] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5377] <... clone3 resumed> => {parent_tid=[5378]}, 88) = 5378 [pid 5378] <... rseq resumed>) = 0 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], [pid 5378] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5378] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5377] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5378] <... futex resumed>) = 0 [pid 5378] memfd_create("syzkaller", 0) = 3 [pid 5378] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5377] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5378] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5378] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5378] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5378] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5378] close(3) = 0 [pid 5378] mkdir("./file0", 0777) = 0 [pid 5378] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5378] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5378] chdir("./file0") = 0 [pid 5378] ioctl(4, LOOP_CLR_FD) = 0 [pid 5378] close(4) = 0 [pid 5378] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 0 [pid 5378] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5377] <... futex resumed>) = 1 [pid 5377] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... open resumed>) = 4 [pid 5378] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5377] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5378] <... open resumed>) = 5 [pid 5378] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... futex resumed>) = 1 [pid 5377] <... futex resumed>) = 0 [pid 5378] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5377] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5378] <... mmap resumed>) = 0x20000000 [pid 5377] <... futex resumed>) = 0 [pid 5377] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5377] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5378] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5378] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5377] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5377] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5379]}, 88) = 5379 [pid 5377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5379 attached [pid 5379] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5377] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5379] <... rseq resumed>) = 0 [pid 5379] set_robust_list(0x7f3dc0d559a0, 24 [pid 5377] <... futex resumed>) = 0 [pid 5379] <... set_robust_list resumed>) = 0 [pid 5379] rt_sigprocmask(SIG_SETMASK, [], [pid 5377] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5379] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5379] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5377] <... futex resumed>) = ? [pid 5378] <... futex resumed>) = ? [pid 5379] +++ killed by SIGBUS +++ [pid 5378] +++ killed by SIGBUS +++ [pid 5377] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5377, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./114", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./114/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./114/binderfs") = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./114/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./114/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./114/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 85.312099][ T5378] loop0: detected capacity change from 0 to 2048 [ 85.322714][ T5378] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./114/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./114") = 0 mkdir("./115", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5380 ./strace-static-x86_64: Process 5380 attached [pid 5380] set_robust_list(0x5555562186a0, 24) = 0 [pid 5380] chdir("./115") = 0 [pid 5380] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5380] setpgid(0, 0) = 0 [pid 5380] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5380] write(3, "1000", 4) = 4 [pid 5380] close(3) = 0 [pid 5380] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5380] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5380] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5380] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5380] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5380] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5381 attached => {parent_tid=[5381]}, 88) = 5381 [pid 5381] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5381] <... rseq resumed>) = 0 [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5381] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5380] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] rt_sigprocmask(SIG_SETMASK, [], [pid 5380] <... futex resumed>) = 0 [pid 5381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5381] memfd_create("syzkaller", 0) = 3 [pid 5381] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5381] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5381] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5381] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5381] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5381] close(3) = 0 [pid 5381] mkdir("./file0", 0777) = 0 [pid 5381] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5381] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5381] chdir("./file0") = 0 [pid 5381] ioctl(4, LOOP_CLR_FD) = 0 [pid 5381] close(4) = 0 [pid 5381] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] <... futex resumed>) = 0 [pid 5381] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5380] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... open resumed>) = 4 [pid 5381] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5380] <... futex resumed>) = 0 [pid 5381] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5380] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5381] <... open resumed>) = 5 [pid 5381] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... futex resumed>) = 0 [pid 5380] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5381] <... futex resumed>) = 0 [pid 5381] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5380] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5381] <... mmap resumed>) = 0x20000000 [pid 5380] <... futex resumed>) = 0 [pid 5381] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5380] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5381] <... futex resumed>) = 0 [pid 5380] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5381] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5380] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5380] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5382 attached => {parent_tid=[5382]}, 88) = 5382 [pid 5380] rt_sigprocmask(SIG_SETMASK, [], [pid 5382] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5382] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5382] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5380] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5380] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5382] <... futex resumed>) = 0 [pid 5382] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5381] <... futex resumed>) = ? [pid 5382] +++ killed by SIGBUS +++ [pid 5381] +++ killed by SIGBUS +++ [pid 5380] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5380, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./115", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 85.411320][ T5381] loop0: detected capacity change from 0 to 2048 [ 85.422699][ T5381] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./115", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./115/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./115/binderfs") = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./115/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./115/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./115/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./115/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./115") = 0 mkdir("./116", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5383 ./strace-static-x86_64: Process 5383 attached [pid 5383] set_robust_list(0x5555562186a0, 24) = 0 [pid 5383] chdir("./116") = 0 [pid 5383] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5383] setpgid(0, 0) = 0 [pid 5383] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5383] write(3, "1000", 4) = 4 [pid 5383] close(3) = 0 [pid 5383] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5383] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5383] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5383] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5384]}, 88) = 5384 ./strace-static-x86_64: Process 5384 attached [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5384] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5384] <... rseq resumed>) = 0 [pid 5383] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] set_robust_list(0x7f3dc90769a0, 24 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5384] <... set_robust_list resumed>) = 0 [pid 5384] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5384] memfd_create("syzkaller", 0) = 3 [pid 5384] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5384] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5384] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5384] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5384] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5384] close(3) = 0 [pid 5384] mkdir("./file0", 0777) = 0 [pid 5384] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5384] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5384] chdir("./file0") = 0 [pid 5384] ioctl(4, LOOP_CLR_FD) = 0 [pid 5384] close(4) = 0 [pid 5384] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5384] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5383] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5384] <... futex resumed>) = 1 [pid 5384] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5384] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5383] <... futex resumed>) = 0 [pid 5384] <... futex resumed>) = 1 [pid 5383] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5384] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5383] <... futex resumed>) = 0 [pid 5384] <... mmap resumed>) = 0x20000000 [pid 5383] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5383] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5383] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5384] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5384] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5383] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5383] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5385 attached => {parent_tid=[5385]}, 88) = 5385 [pid 5385] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5383] rt_sigprocmask(SIG_SETMASK, [], [pid 5385] <... rseq resumed>) = 0 [pid 5383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5385] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5383] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5385] rt_sigprocmask(SIG_SETMASK, [], [pid 5383] <... futex resumed>) = 0 [pid 5385] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5383] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5385] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5383] <... futex resumed>) = ? [pid 5384] <... futex resumed>) = ? [pid 5384] +++ killed by SIGBUS +++ [pid 5385] +++ killed by SIGBUS +++ [pid 5383] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5383, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./116", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./116/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./116/binderfs") = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./116/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./116/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./116/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./116/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./116") = 0 mkdir("./117", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5386 attached , child_tidptr=0x555556218690) = 5386 [pid 5386] set_robust_list(0x5555562186a0, 24) = 0 [pid 5386] chdir("./117") = 0 [pid 5386] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5386] setpgid(0, 0) = 0 [pid 5386] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5386] write(3, "1000", 4) = 4 [pid 5386] close(3) = 0 [pid 5386] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5386] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5386] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5386] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5386] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5387 attached => {parent_tid=[5387]}, 88) = 5387 [pid 5387] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5387] set_robust_list(0x7f3dc90769a0, 24 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], [pid 5387] <... set_robust_list resumed>) = 0 [pid 5386] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5387] rt_sigprocmask(SIG_SETMASK, [], [pid 5386] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5387] memfd_create("syzkaller", 0) = 3 [pid 5387] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [ 85.536319][ T5384] loop0: detected capacity change from 0 to 2048 [ 85.549204][ T5384] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5387] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5387] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5387] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5387] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5387] close(3) = 0 [pid 5387] mkdir("./file0", 0777) = 0 [pid 5387] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5387] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5387] chdir("./file0") = 0 [pid 5387] ioctl(4, LOOP_CLR_FD) = 0 [pid 5387] close(4) = 0 [pid 5387] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5387] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... futex resumed>) = 0 [pid 5387] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5386] <... futex resumed>) = 1 [pid 5386] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] <... open resumed>) = 4 [pid 5387] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5387] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5386] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5387] <... open resumed>) = 5 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5386] <... futex resumed>) = 0 [pid 5386] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5386] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5387] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5386] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5387] <... mmap resumed>) = 0x20000000 [pid 5386] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5386] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5388]}, 88) = 5388 [pid 5386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5386] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5386] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5387] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5387] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5388 attached [pid 5388] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5388] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5388] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5387] <... futex resumed>) = ? [pid 5386] <... futex resumed>) = ? [pid 5388] +++ killed by SIGBUS +++ [pid 5387] +++ killed by SIGBUS +++ [pid 5386] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5386, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./117", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./117/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./117/binderfs") = 0 [ 85.612129][ T5387] loop0: detected capacity change from 0 to 2048 [ 85.627857][ T5387] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./117/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./117/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./117/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./117/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./117") = 0 mkdir("./118", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5389 ./strace-static-x86_64: Process 5389 attached [pid 5389] set_robust_list(0x5555562186a0, 24) = 0 [pid 5389] chdir("./118") = 0 [pid 5389] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5389] setpgid(0, 0) = 0 [pid 5389] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5389] write(3, "1000", 4) = 4 [pid 5389] close(3) = 0 [pid 5389] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5389] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5389] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5389] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5390]}, 88) = 5390 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5389] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5390 attached [pid 5390] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5390] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5390] memfd_create("syzkaller", 0) = 3 [pid 5390] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5390] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5390] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5390] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5390] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5390] close(3) = 0 [pid 5390] mkdir("./file0", 0777) = 0 [pid 5390] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5390] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5390] chdir("./file0") = 0 [pid 5390] ioctl(4, LOOP_CLR_FD) = 0 [pid 5390] close(4) = 0 [pid 5390] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5390] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5389] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... futex resumed>) = 0 [pid 5390] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5390] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5390] <... futex resumed>) = 1 [pid 5390] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5390] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5389] <... futex resumed>) = 0 [pid 5390] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5389] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5390] <... open resumed>) = 5 [pid 5390] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5389] <... futex resumed>) = 0 [pid 5389] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5389] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5390] <... futex resumed>) = 1 [pid 5389] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5390] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5389] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5390] <... mmap resumed>) = 0x20000000 [pid 5389] <... mprotect resumed>) = 0 [pid 5389] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5390] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5390] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5389] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5389] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5391]}, 88) = 5391 [pid 5389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5389] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5391 attached ) = 0 [pid 5391] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5389] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5391] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5391] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5390] <... futex resumed>) = ? [pid 5389] <... futex resumed>) = ? [pid 5391] +++ killed by SIGBUS +++ [pid 5390] +++ killed by SIGBUS +++ [pid 5389] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5389, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./118", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./118/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./118/binderfs") = 0 [ 85.726913][ T5390] loop0: detected capacity change from 0 to 2048 [ 85.737605][ T5390] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./118/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./118/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./118/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./118/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./118") = 0 mkdir("./119", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5392 attached , child_tidptr=0x555556218690) = 5392 [pid 5392] set_robust_list(0x5555562186a0, 24) = 0 [pid 5392] chdir("./119") = 0 [pid 5392] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5392] setpgid(0, 0) = 0 [pid 5392] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5392] write(3, "1000", 4) = 4 [pid 5392] close(3) = 0 [pid 5392] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5392] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5392] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5392] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5393]}, 88) = 5393 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5392] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5393 attached [pid 5393] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5393] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5393] memfd_create("syzkaller", 0) = 3 [pid 5393] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5393] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5393] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5393] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5393] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5393] close(3) = 0 [pid 5393] mkdir("./file0", 0777) = 0 [pid 5393] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5393] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5393] chdir("./file0") = 0 [pid 5393] ioctl(4, LOOP_CLR_FD) = 0 [pid 5393] close(4) = 0 [pid 5393] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = 1 [pid 5393] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5393] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5393] <... futex resumed>) = 1 [pid 5393] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5393] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5392] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5393] <... futex resumed>) = 1 [pid 5392] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5393] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5392] <... mprotect resumed>) = 0 [pid 5392] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5393] <... mmap resumed>) = 0x20000000 [pid 5392] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5393] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5393] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5394 attached [pid 5394] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5392] <... clone3 resumed> => {parent_tid=[5394]}, 88) = 5394 [pid 5394] <... rseq resumed>) = 0 [pid 5392] rt_sigprocmask(SIG_SETMASK, [], [pid 5394] set_robust_list(0x7f3dc0d559a0, 24 [pid 5392] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5394] <... set_robust_list resumed>) = 0 [pid 5392] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5392] <... futex resumed>) = 0 [pid 5392] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5394] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5393] <... futex resumed>) = ? [pid 5393] +++ killed by SIGBUS +++ [pid 5392] <... futex resumed>) = ? [pid 5394] +++ killed by SIGBUS +++ [pid 5392] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5392, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./119", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./119/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./119/binderfs") = 0 [ 85.842356][ T5393] loop0: detected capacity change from 0 to 2048 [ 85.852936][ T5393] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./119/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./119/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./119/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./119/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./119") = 0 mkdir("./120", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5395 ./strace-static-x86_64: Process 5395 attached [pid 5395] set_robust_list(0x5555562186a0, 24) = 0 [pid 5395] chdir("./120") = 0 [pid 5395] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5395] setpgid(0, 0) = 0 [pid 5395] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5395] write(3, "1000", 4) = 4 [pid 5395] close(3) = 0 [pid 5395] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5395] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5395] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5395] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5396]}, 88) = 5396 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5395] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5396 attached [pid 5396] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5396] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5396] memfd_create("syzkaller", 0) = 3 [pid 5396] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5396] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5396] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5396] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5396] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5396] close(3) = 0 [pid 5396] mkdir("./file0", 0777) = 0 [pid 5396] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5396] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5396] chdir("./file0") = 0 [pid 5396] ioctl(4, LOOP_CLR_FD) = 0 [pid 5396] close(4) = 0 [pid 5396] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5395] <... futex resumed>) = 0 [pid 5396] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5395] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] <... open resumed>) = 4 [pid 5396] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5396] <... futex resumed>) = 0 [pid 5395] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5396] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5396] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5395] <... futex resumed>) = 0 [pid 5396] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5396] <... futex resumed>) = 0 [pid 5395] <... futex resumed>) = 1 [pid 5396] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5395] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5395] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5396] <... mmap resumed>) = 0x20000000 [pid 5396] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5396] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5395] <... mprotect resumed>) = 0 [pid 5395] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5395] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5397]}, 88) = 5397 [pid 5395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5395] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5395] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5397 attached [pid 5397] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5397] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5397] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5396] <... futex resumed>) = ? [pid 5396] +++ killed by SIGBUS +++ [pid 5395] <... futex resumed>) = ? [pid 5397] +++ killed by SIGBUS +++ [pid 5395] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5395, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./120", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./120/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./120/binderfs") = 0 [ 85.955305][ T5396] loop0: detected capacity change from 0 to 2048 [ 85.966301][ T5396] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./120/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./120/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./120/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./120/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./120") = 0 mkdir("./121", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5398 attached , child_tidptr=0x555556218690) = 5398 [pid 5398] set_robust_list(0x5555562186a0, 24) = 0 [pid 5398] chdir("./121") = 0 [pid 5398] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5398] setpgid(0, 0) = 0 [pid 5398] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5398] write(3, "1000", 4) = 4 [pid 5398] close(3) = 0 [pid 5398] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5398] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5398] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5398] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5398] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5399 attached [pid 5399] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5398] <... clone3 resumed> => {parent_tid=[5399]}, 88) = 5399 [pid 5399] <... rseq resumed>) = 0 [pid 5398] rt_sigprocmask(SIG_SETMASK, [], [pid 5399] set_robust_list(0x7f3dc90769a0, 24 [pid 5398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5399] <... set_robust_list resumed>) = 0 [pid 5398] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] rt_sigprocmask(SIG_SETMASK, [], [pid 5398] <... futex resumed>) = 0 [pid 5399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5398] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5399] memfd_create("syzkaller", 0) = 3 [pid 5399] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5399] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5399] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5399] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5399] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5399] close(3) = 0 [pid 5399] mkdir("./file0", 0777) = 0 [pid 5399] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5399] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5399] chdir("./file0") = 0 [pid 5399] ioctl(4, LOOP_CLR_FD) = 0 [pid 5399] close(4) = 0 [pid 5399] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] <... futex resumed>) = 0 [pid 5398] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = 0 [pid 5398] <... futex resumed>) = 1 [pid 5399] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5398] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5399] <... open resumed>) = 4 [pid 5399] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5398] <... futex resumed>) = 0 [pid 5399] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5399] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5398] <... futex resumed>) = 0 [pid 5399] <... open resumed>) = 5 [pid 5399] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5399] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5398] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5399] <... futex resumed>) = 0 [pid 5398] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5399] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5398] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5399] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5398] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5399] <... futex resumed>) = 0 [pid 5399] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5398] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5398] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5400 attached => {parent_tid=[5400]}, 88) = 5400 [pid 5400] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5400] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5400] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5400] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5398] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5398] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5400] <... futex resumed>) = 0 [pid 5398] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5400] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5398] <... futex resumed>) = ? [pid 5399] <... futex resumed>) = ? [pid 5399] +++ killed by SIGBUS +++ [pid 5400] +++ killed by SIGBUS +++ [pid 5398] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5398, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./121", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./121/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./121/binderfs") = 0 [ 86.071157][ T5399] loop0: detected capacity change from 0 to 2048 [ 86.082047][ T5399] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./121/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./121/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./121/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./121/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./121") = 0 mkdir("./122", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5401 attached , child_tidptr=0x555556218690) = 5401 [pid 5401] set_robust_list(0x5555562186a0, 24) = 0 [pid 5401] chdir("./122") = 0 [pid 5401] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5401] setpgid(0, 0) = 0 [pid 5401] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5401] write(3, "1000", 4) = 4 [pid 5401] close(3) = 0 [pid 5401] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5401] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5401] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5401] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5402]}, 88) = 5402 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5401] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5402 attached [pid 5402] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5402] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5402] memfd_create("syzkaller", 0) = 3 [pid 5402] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5402] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5402] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5402] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5402] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5402] close(3) = 0 [pid 5402] mkdir("./file0", 0777) = 0 [pid 5402] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5402] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5402] chdir("./file0") = 0 [pid 5402] ioctl(4, LOOP_CLR_FD) = 0 [pid 5402] close(4) = 0 [pid 5402] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... futex resumed>) = 0 [pid 5402] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5402] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5401] <... futex resumed>) = 1 [pid 5402] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5401] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5402] <... open resumed>) = 5 [pid 5402] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5402] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5401] <... futex resumed>) = 0 [pid 5401] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5401] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5402] <... futex resumed>) = 0 [pid 5402] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5401] <... futex resumed>) = 0 [pid 5401] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5401] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5401] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5401] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5403]}, 88) = 5403 ./strace-static-x86_64: Process 5403 attached [pid 5403] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5401] rt_sigprocmask(SIG_SETMASK, [], [pid 5403] <... rseq resumed>) = 0 [pid 5401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5403] rt_sigprocmask(SIG_SETMASK, [], [pid 5401] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5401] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5403] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5403] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5402] <... futex resumed>) = ? [pid 5402] +++ killed by SIGBUS +++ [pid 5401] <... futex resumed>) = ? [pid 5403] +++ killed by SIGBUS +++ [pid 5401] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5401, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./122", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./122/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./122/binderfs") = 0 [ 86.188255][ T5402] loop0: detected capacity change from 0 to 2048 [ 86.200955][ T5402] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./122/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./122/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./122/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./122/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./122") = 0 mkdir("./123", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5404 attached , child_tidptr=0x555556218690) = 5404 [pid 5404] set_robust_list(0x5555562186a0, 24) = 0 [pid 5404] chdir("./123") = 0 [pid 5404] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5404] setpgid(0, 0) = 0 [pid 5404] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5404] write(3, "1000", 4) = 4 [pid 5404] close(3) = 0 [pid 5404] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5404] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5404] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5404] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5404] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5405 attached => {parent_tid=[5405]}, 88) = 5405 [pid 5405] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5405] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5405] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5404] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] <... futex resumed>) = 0 [pid 5404] <... futex resumed>) = 1 [pid 5405] memfd_create("syzkaller", 0 [pid 5404] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5405] <... memfd_create resumed>) = 3 [pid 5405] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5405] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5405] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5405] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5405] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5405] close(3) = 0 [pid 5405] mkdir("./file0", 0777) = 0 [pid 5405] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5405] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5405] chdir("./file0") = 0 [pid 5405] ioctl(4, LOOP_CLR_FD) = 0 [pid 5405] close(4) = 0 [pid 5405] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... futex resumed>) = 0 [pid 5405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5404] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... open resumed>) = 4 [pid 5405] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5405] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] <... futex resumed>) = 0 [pid 5405] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5404] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5405] <... open resumed>) = 5 [pid 5405] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5405] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5404] <... futex resumed>) = 0 [pid 5404] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] <... mmap resumed>) = 0x20000000 [pid 5405] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5405] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5404] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5404] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5404] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5404] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5406 attached => {parent_tid=[5406]}, 88) = 5406 [pid 5406] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5404] rt_sigprocmask(SIG_SETMASK, [], [pid 5406] <... rseq resumed>) = 0 [pid 5404] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5406] set_robust_list(0x7f3dc0d559a0, 24 [pid 5404] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5406] <... set_robust_list resumed>) = 0 [pid 5404] <... futex resumed>) = 0 [pid 5406] rt_sigprocmask(SIG_SETMASK, [], [pid 5404] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5406] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5405] <... futex resumed>) = ? [pid 5404] <... futex resumed>) = ? [pid 5405] +++ killed by SIGBUS +++ [pid 5406] +++ killed by SIGBUS +++ [pid 5404] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5404, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./123", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./123", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./123/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./123/binderfs") = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./123/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./123/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 86.318772][ T5405] loop0: detected capacity change from 0 to 2048 [ 86.330260][ T5405] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./123/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./123/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./123") = 0 mkdir("./124", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5407 ./strace-static-x86_64: Process 5407 attached [pid 5407] set_robust_list(0x5555562186a0, 24) = 0 [pid 5407] chdir("./124") = 0 [pid 5407] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5407] setpgid(0, 0) = 0 [pid 5407] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5407] write(3, "1000", 4) = 4 [pid 5407] close(3) = 0 [pid 5407] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5407] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5407] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5407] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5408 attached [pid 5408] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5408] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5407] <... clone3 resumed> => {parent_tid=[5408]}, 88) = 5408 [pid 5408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5408] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5408] <... futex resumed>) = 0 [pid 5408] memfd_create("syzkaller", 0) = 3 [pid 5408] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5408] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5408] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5408] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5408] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5408] close(3) = 0 [pid 5408] mkdir("./file0", 0777) = 0 [pid 5408] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5408] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5408] chdir("./file0") = 0 [pid 5408] ioctl(4, LOOP_CLR_FD) = 0 [pid 5408] close(4) = 0 [pid 5408] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5407] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5408] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5408] <... futex resumed>) = 0 [pid 5407] <... futex resumed>) = 1 [pid 5408] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5407] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... open resumed>) = 5 [pid 5408] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5407] <... futex resumed>) = 0 [pid 5408] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5407] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5407] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5407] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5408] <... mmap resumed>) = 0x20000000 [pid 5407] <... mprotect resumed>) = 0 [pid 5408] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5408] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5407] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5407] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5409 attached [pid 5409] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5407] <... clone3 resumed> => {parent_tid=[5409]}, 88) = 5409 [pid 5409] <... rseq resumed>) = 0 [pid 5407] rt_sigprocmask(SIG_SETMASK, [], [pid 5409] set_robust_list(0x7f3dc0d559a0, 24 [pid 5407] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5409] <... set_robust_list resumed>) = 0 [pid 5409] rt_sigprocmask(SIG_SETMASK, [], [pid 5407] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5407] <... futex resumed>) = 0 [pid 5409] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5407] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5408] <... futex resumed>) = ? [pid 5407] <... futex resumed>) = ? [pid 5408] +++ killed by SIGBUS +++ [pid 5409] +++ killed by SIGBUS +++ [pid 5407] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5407, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./124", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./124/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./124/binderfs") = 0 [ 86.424367][ T5408] loop0: detected capacity change from 0 to 2048 [ 86.435965][ T5408] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./124/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./124/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./124/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./124/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./124") = 0 mkdir("./125", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5410 ./strace-static-x86_64: Process 5410 attached [pid 5410] set_robust_list(0x5555562186a0, 24) = 0 [pid 5410] chdir("./125") = 0 [pid 5410] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5410] setpgid(0, 0) = 0 [pid 5410] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5410] write(3, "1000", 4) = 4 [pid 5410] close(3) = 0 [pid 5410] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5410] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5410] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5410] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5411]}, 88) = 5411 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5410] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5411 attached [pid 5411] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5411] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5411] memfd_create("syzkaller", 0) = 3 [pid 5411] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5411] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5411] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5411] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5411] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5411] close(3) = 0 [pid 5411] mkdir("./file0", 0777) = 0 [pid 5411] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5411] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5411] chdir("./file0") = 0 [pid 5411] ioctl(4, LOOP_CLR_FD) = 0 [pid 5411] close(4) = 0 [pid 5411] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5411] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... futex resumed>) = 0 [pid 5411] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5411] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5410] <... futex resumed>) = 0 [pid 5411] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5410] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5411] <... open resumed>) = 5 [pid 5411] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5410] <... futex resumed>) = 0 [pid 5411] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5410] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5411] <... mmap resumed>) = 0x20000000 [pid 5410] <... futex resumed>) = 0 [pid 5410] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5410] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5410] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5411] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5410] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5411] <... futex resumed>) = 0 [pid 5410] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5411] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5410] <... clone3 resumed> => {parent_tid=[5412]}, 88) = 5412 [pid 5410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5410] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5410] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5412 attached [pid 5412] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5412] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5412] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5411] <... futex resumed>) = ? [pid 5410] <... futex resumed>) = ? [pid 5411] +++ killed by SIGBUS +++ [pid 5412] +++ killed by SIGBUS +++ [pid 5410] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5410, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 86.530252][ T5411] loop0: detected capacity change from 0 to 2048 [ 86.541829][ T5411] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./125", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./125/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./125/binderfs") = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./125/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./125/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./125/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./125/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./125") = 0 mkdir("./126", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5413 attached , child_tidptr=0x555556218690) = 5413 [pid 5413] set_robust_list(0x5555562186a0, 24) = 0 [pid 5413] chdir("./126") = 0 [pid 5413] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5413] setpgid(0, 0) = 0 [pid 5413] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5413] write(3, "1000", 4) = 4 [pid 5413] close(3) = 0 [pid 5413] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5413] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5413] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5413] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5414]}, 88) = 5414 ./strace-static-x86_64: Process 5414 attached [pid 5413] rt_sigprocmask(SIG_SETMASK, [], [pid 5414] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5413] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5414] <... rseq resumed>) = 0 [pid 5414] set_robust_list(0x7f3dc90769a0, 24 [pid 5413] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... set_robust_list resumed>) = 0 [pid 5413] <... futex resumed>) = 0 [pid 5414] rt_sigprocmask(SIG_SETMASK, [], [pid 5413] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5414] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5414] memfd_create("syzkaller", 0) = 3 [pid 5414] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5414] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5414] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5414] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5414] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5414] close(3) = 0 [pid 5414] mkdir("./file0", 0777) = 0 [pid 5414] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5414] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5414] chdir("./file0") = 0 [pid 5414] ioctl(4, LOOP_CLR_FD) = 0 [pid 5414] close(4) = 0 [pid 5414] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5414] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = 0 [pid 5413] <... futex resumed>) = 1 [pid 5414] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5413] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] <... open resumed>) = 4 [pid 5414] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5413] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5413] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5414] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5414] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5413] <... futex resumed>) = 0 [pid 5414] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5414] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5413] <... futex resumed>) = 0 [pid 5414] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5413] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5414] <... mmap resumed>) = 0x20000000 [pid 5413] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5414] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5413] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5414] <... futex resumed>) = 0 [pid 5413] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5414] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5413] <... mprotect resumed>) = 0 [pid 5413] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5413] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5415]}, 88) = 5415 ./strace-static-x86_64: Process 5415 attached [pid 5413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5415] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5413] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5415] <... rseq resumed>) = 0 [pid 5413] <... futex resumed>) = 0 [pid 5415] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5413] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5414] <... futex resumed>) = ? [pid 5413] <... futex resumed>) = ? [pid 5415] +++ killed by SIGBUS +++ [pid 5414] +++ killed by SIGBUS +++ [pid 5413] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5413, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./126", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./126/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./126/binderfs") = 0 [ 86.659071][ T5414] loop0: detected capacity change from 0 to 2048 [ 86.671292][ T5414] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./126/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./126/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./126/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./126/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./126") = 0 mkdir("./127", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5416 attached [pid 5416] set_robust_list(0x5555562186a0, 24) = 0 [pid 5416] chdir("./127") = 0 [pid 5416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5416] setpgid(0, 0) = 0 [pid 5416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5416] write(3, "1000", 4) = 4 [pid 5416] close(3) = 0 [pid 5416] symlink("/dev/binderfs", "./binderfs" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5416 [pid 5416] <... symlink resumed>) = 0 [pid 5416] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5416] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5416] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5417 attached => {parent_tid=[5417]}, 88) = 5417 [pid 5417] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5416] rt_sigprocmask(SIG_SETMASK, [], [pid 5417] <... rseq resumed>) = 0 [pid 5416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5417] set_robust_list(0x7f3dc90769a0, 24 [pid 5416] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... set_robust_list resumed>) = 0 [pid 5416] <... futex resumed>) = 0 [pid 5417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5416] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5417] memfd_create("syzkaller", 0) = 3 [pid 5417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5417] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5417] close(3) = 0 [pid 5417] mkdir("./file0", 0777) = 0 [pid 5417] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5417] chdir("./file0") = 0 [pid 5417] ioctl(4, LOOP_CLR_FD) = 0 [pid 5417] close(4) = 0 [pid 5417] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... open resumed>) = 4 [pid 5417] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5416] <... futex resumed>) = 0 [pid 5416] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5417] <... open resumed>) = 5 [pid 5417] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5416] <... futex resumed>) = 0 [pid 5417] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5416] <... futex resumed>) = 0 [pid 5417] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5416] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5417] <... mmap resumed>) = 0x20000000 [pid 5416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5417] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5416] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5417] <... futex resumed>) = 0 [pid 5417] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5418 attached => {parent_tid=[5418]}, 88) = 5418 [pid 5418] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5416] rt_sigprocmask(SIG_SETMASK, [], [pid 5418] <... rseq resumed>) = 0 [pid 5416] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5418] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5416] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5418] rt_sigprocmask(SIG_SETMASK, [], [pid 5416] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5418] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5418] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5417] <... futex resumed>) = ? [pid 5416] <... futex resumed>) = ? [pid 5417] +++ killed by SIGBUS +++ [pid 5418] +++ killed by SIGBUS +++ [pid 5416] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5416, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./127", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./127/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./127/binderfs") = 0 [ 86.788843][ T5417] loop0: detected capacity change from 0 to 2048 [ 86.801495][ T5417] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./127/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./127/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./127/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./127/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./127") = 0 mkdir("./128", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5419 ./strace-static-x86_64: Process 5419 attached [pid 5419] set_robust_list(0x5555562186a0, 24) = 0 [pid 5419] chdir("./128") = 0 [pid 5419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5419] setpgid(0, 0) = 0 [pid 5419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5419] write(3, "1000", 4) = 4 [pid 5419] close(3) = 0 [pid 5419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5419] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5419] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5420]}, 88) = 5420 ./strace-static-x86_64: Process 5420 attached [pid 5419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5419] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5420] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5420] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5420] memfd_create("syzkaller", 0) = 3 [pid 5420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5420] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5420] close(3) = 0 [pid 5420] mkdir("./file0", 0777) = 0 [ 86.900124][ T5420] __do_sys_memfd_create: 32 callbacks suppressed [ 86.900142][ T5420] syz-executor183[5420]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 86.930263][ T5420] loop0: detected capacity change from 0 to 2048 [ 86.941677][ T5420] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5420] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5420] chdir("./file0") = 0 [pid 5420] ioctl(4, LOOP_CLR_FD) = 0 [pid 5420] close(4) = 0 [pid 5420] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5420] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5419] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5420] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5419] <... futex resumed>) = 0 [pid 5420] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5419] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... open resumed>) = 4 [pid 5420] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5420] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5419] <... futex resumed>) = 0 [pid 5419] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5419] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5421]}, 88) = 5421 [pid 5419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5419] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5419] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5420] <... futex resumed>) = 1 [pid 5420] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5421] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5421] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5420] <... futex resumed>) = ? [pid 5419] <... futex resumed>) = ? [pid 5421] +++ killed by SIGBUS +++ [pid 5420] +++ killed by SIGBUS +++ [pid 5419] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5419, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./128", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./128/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./128/binderfs") = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./128/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./128/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./128/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./128/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./128") = 0 mkdir("./129", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5423 ./strace-static-x86_64: Process 5423 attached [pid 5423] set_robust_list(0x5555562186a0, 24) = 0 [pid 5423] chdir("./129") = 0 [pid 5423] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5423] setpgid(0, 0) = 0 [pid 5423] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5423] write(3, "1000", 4) = 4 [pid 5423] close(3) = 0 [pid 5423] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5423] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5423] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5423] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5424 attached => {parent_tid=[5424]}, 88) = 5424 [pid 5424] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5424] <... rseq resumed>) = 0 [pid 5424] set_robust_list(0x7f3dc90769a0, 24 [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5424] <... set_robust_list resumed>) = 0 [pid 5423] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5424] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] <... futex resumed>) = 0 [pid 5424] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5423] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [ 87.000999][ T23] cfg80211: failed to load regulatory.db [pid 5424] memfd_create("syzkaller", 0) = 3 [pid 5424] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5424] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5424] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5424] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5424] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5424] close(3) = 0 [pid 5424] mkdir("./file0", 0777) = 0 [pid 5424] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5424] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5424] chdir("./file0") = 0 [pid 5424] ioctl(4, LOOP_CLR_FD) = 0 [pid 5424] close(4) = 0 [pid 5424] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5424] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5424] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5424] <... futex resumed>) = 0 [pid 5423] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5424] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5424] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5423] <... futex resumed>) = 0 [pid 5423] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5423] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5423] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5424] <... mmap resumed>) = 0x20000000 [pid 5423] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5424] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5424] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5423] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5423] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5423] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5425 attached [pid 5425] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5423] <... clone3 resumed> => {parent_tid=[5425]}, 88) = 5425 [pid 5425] <... rseq resumed>) = 0 [pid 5423] rt_sigprocmask(SIG_SETMASK, [], [pid 5425] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5425] rt_sigprocmask(SIG_SETMASK, [], [pid 5423] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5423] <... futex resumed>) = 0 [pid 5425] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5423] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5424] <... futex resumed>) = ? [pid 5425] +++ killed by SIGBUS +++ [pid 5424] +++ killed by SIGBUS +++ [pid 5423] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5423, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./129", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./129/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./129/binderfs") = 0 [ 87.047721][ T5424] syz-executor183[5424]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.070930][ T5424] loop0: detected capacity change from 0 to 2048 [ 87.082279][ T5424] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./129/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./129/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./129/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./129/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./129") = 0 mkdir("./130", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5426 attached , child_tidptr=0x555556218690) = 5426 [pid 5426] set_robust_list(0x5555562186a0, 24) = 0 [pid 5426] chdir("./130") = 0 [pid 5426] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5426] setpgid(0, 0) = 0 [pid 5426] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5426] write(3, "1000", 4) = 4 [pid 5426] close(3) = 0 [pid 5426] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5426] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5426] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5426] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5427 attached => {parent_tid=[5427]}, 88) = 5427 [pid 5427] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], [pid 5427] set_robust_list(0x7f3dc90769a0, 24 [pid 5426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5427] <... set_robust_list resumed>) = 0 [pid 5426] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5426] <... futex resumed>) = 0 [pid 5427] memfd_create("syzkaller", 0 [pid 5426] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5427] <... memfd_create resumed>) = 3 [pid 5427] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5427] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5427] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5427] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5427] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5427] close(3) = 0 [pid 5427] mkdir("./file0", 0777) = 0 [pid 5427] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5427] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5427] chdir("./file0") = 0 [pid 5427] ioctl(4, LOOP_CLR_FD) = 0 [pid 5427] close(4) = 0 [pid 5427] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... open resumed>) = 4 [pid 5427] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5427] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... futex resumed>) = 0 [pid 5426] <... futex resumed>) = 1 [pid 5427] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5426] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5427] <... open resumed>) = 5 [pid 5427] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5426] <... futex resumed>) = 0 [pid 5427] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5426] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5427] <... mmap resumed>) = 0x20000000 [pid 5426] <... futex resumed>) = 0 [pid 5426] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5426] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5427] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5427] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5426] <... mprotect resumed>) = 0 [pid 5426] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5426] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5428 attached => {parent_tid=[5428]}, 88) = 5428 [pid 5426] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5426] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5426] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5428] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5428] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5428] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5426] <... futex resumed>) = ? [pid 5427] <... futex resumed>) = ? [pid 5427] +++ killed by SIGBUS +++ [pid 5428] +++ killed by SIGBUS +++ [pid 5426] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5426, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./130", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./130/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./130/binderfs") = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./130/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./130/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./130/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 87.171340][ T5427] syz-executor183[5427]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.196079][ T5427] loop0: detected capacity change from 0 to 2048 [ 87.207266][ T5427] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./130/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./130") = 0 mkdir("./131", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5429 ./strace-static-x86_64: Process 5429 attached [pid 5429] set_robust_list(0x5555562186a0, 24) = 0 [pid 5429] chdir("./131") = 0 [pid 5429] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5429] setpgid(0, 0) = 0 [pid 5429] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5429] write(3, "1000", 4) = 4 [pid 5429] close(3) = 0 [pid 5429] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5429] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5429] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5429] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5430 attached => {parent_tid=[5430]}, 88) = 5430 [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5430] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5430] set_robust_list(0x7f3dc90769a0, 24 [pid 5429] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] <... set_robust_list resumed>) = 0 [pid 5430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5430] memfd_create("syzkaller", 0 [pid 5429] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5430] <... memfd_create resumed>) = 3 [pid 5430] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5430] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5430] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5430] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5430] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5430] close(3) = 0 [pid 5430] mkdir("./file0", 0777) = 0 [ 87.289167][ T5430] syz-executor183[5430]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.321783][ T5430] loop0: detected capacity change from 0 to 2048 [pid 5430] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5430] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5430] chdir("./file0") = 0 [pid 5430] ioctl(4, LOOP_CLR_FD) = 0 [pid 5430] close(4) = 0 [pid 5430] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5429] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5430] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5430] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5430] <... futex resumed>) = 0 [pid 5430] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5429] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5430] <... open resumed>) = 5 [pid 5430] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5429] <... futex resumed>) = 0 [pid 5429] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5430] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5429] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5429] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5429] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5430] <... mmap resumed>) = 0x20000000 [pid 5430] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5429] <... mprotect resumed>) = 0 [pid 5430] <... futex resumed>) = 0 [pid 5430] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5429] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5429] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5431 attached [pid 5431] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5429] <... clone3 resumed> => {parent_tid=[5431]}, 88) = 5431 [pid 5431] <... rseq resumed>) = 0 [pid 5429] rt_sigprocmask(SIG_SETMASK, [], [pid 5431] set_robust_list(0x7f3dc0d559a0, 24 [pid 5429] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5431] <... set_robust_list resumed>) = 0 [pid 5429] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5431] rt_sigprocmask(SIG_SETMASK, [], [pid 5429] <... futex resumed>) = 0 [pid 5431] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5429] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5431] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5430] <... futex resumed>) = ? [pid 5429] <... futex resumed>) = ? [pid 5430] +++ killed by SIGBUS +++ [pid 5431] +++ killed by SIGBUS +++ [pid 5429] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5429, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./131", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./131/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./131/binderfs") = 0 [ 87.335293][ T5430] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./131/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./131/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./131/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./131/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./131") = 0 mkdir("./132", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5432 ./strace-static-x86_64: Process 5432 attached [pid 5432] set_robust_list(0x5555562186a0, 24) = 0 [pid 5432] chdir("./132") = 0 [pid 5432] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5432] setpgid(0, 0) = 0 [pid 5432] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5432] write(3, "1000", 4) = 4 [pid 5432] close(3) = 0 [pid 5432] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5432] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5432] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5432] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5433]}, 88) = 5433 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5432] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5432] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5433 attached [pid 5433] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5433] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5433] memfd_create("syzkaller", 0) = 3 [pid 5433] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5433] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5433] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5433] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5433] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5433] close(3) = 0 [pid 5433] mkdir("./file0", 0777) = 0 [pid 5433] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5433] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5433] chdir("./file0") = 0 [pid 5433] ioctl(4, LOOP_CLR_FD) = 0 [pid 5433] close(4) = 0 [pid 5433] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] <... futex resumed>) = 0 [pid 5433] <... futex resumed>) = 1 [pid 5432] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] <... open resumed>) = 4 [pid 5433] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5433] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5433] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5432] <... futex resumed>) = 0 [pid 5432] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5433] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5432] <... futex resumed>) = 0 [pid 5433] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... futex resumed>) = 0 [pid 5432] <... futex resumed>) = 1 [pid 5433] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5432] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5433] <... mmap resumed>) = 0x20000000 [pid 5432] <... futex resumed>) = 0 [pid 5433] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5432] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5433] <... futex resumed>) = 0 [pid 5432] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5433] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5432] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5432] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5434 attached [pid 5434] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5432] <... clone3 resumed> => {parent_tid=[5434]}, 88) = 5434 [pid 5434] <... rseq resumed>) = 0 [pid 5432] rt_sigprocmask(SIG_SETMASK, [], [pid 5434] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5434] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5434] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5432] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5432] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5434] <... futex resumed>) = 0 [pid 5432] <... futex resumed>) = 1 [pid 5432] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5434] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5433] <... futex resumed>) = ? [pid 5432] <... futex resumed>) = ? [pid 5433] +++ killed by SIGBUS +++ [pid 5434] +++ killed by SIGBUS +++ [ 87.436369][ T5433] syz-executor183[5433]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.466961][ T5433] loop0: detected capacity change from 0 to 2048 [ 87.477648][ T5433] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5432] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5432, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./132", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./132/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./132/binderfs") = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./132/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./132/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./132/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./132/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./132") = 0 mkdir("./133", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5435 attached [pid 5435] set_robust_list(0x5555562186a0, 24) = 0 [pid 5435] chdir("./133") = 0 [pid 5435] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5435] setpgid(0, 0) = 0 [pid 5435] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5435] write(3, "1000", 4) = 4 [pid 5435] close(3) = 0 [pid 5435] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5435] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5435] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5435 [pid 5435] <... mmap resumed>) = 0x7f3dc9056000 [pid 5435] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5436]}, 88) = 5436 [pid 5435] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5436 attached NULL, 8) = 0 [pid 5436] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5435] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] <... rseq resumed>) = 0 [pid 5435] <... futex resumed>) = 0 [pid 5436] set_robust_list(0x7f3dc90769a0, 24 [pid 5435] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5436] <... set_robust_list resumed>) = 0 [pid 5436] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5436] memfd_create("syzkaller", 0) = 3 [pid 5436] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5436] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5436] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5436] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5436] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5436] close(3) = 0 [pid 5436] mkdir("./file0", 0777) = 0 [pid 5436] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5436] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5436] chdir("./file0") = 0 [pid 5436] ioctl(4, LOOP_CLR_FD) = 0 [pid 5436] close(4) = 0 [pid 5436] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... futex resumed>) = 1 [pid 5436] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5436] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5436] <... futex resumed>) = 1 [pid 5436] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5436] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5435] <... futex resumed>) = 0 [pid 5435] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5436] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5435] <... futex resumed>) = 0 [pid 5436] <... mmap resumed>) = 0x20000000 [pid 5435] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5435] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5436] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5435] <... mprotect resumed>) = 0 [pid 5436] <... futex resumed>) = 0 [pid 5436] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5435] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5437 attached [pid 5437] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5437] set_robust_list(0x7f3dc0d559a0, 24 [pid 5435] <... clone3 resumed> => {parent_tid=[5437]}, 88) = 5437 [pid 5437] <... set_robust_list resumed>) = 0 [pid 5437] rt_sigprocmask(SIG_SETMASK, [], [pid 5435] rt_sigprocmask(SIG_SETMASK, [], [pid 5437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5437] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5435] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5435] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5435] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5437] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5437] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5435] <... futex resumed>) = ? [pid 5436] <... futex resumed>) = ? [pid 5436] +++ killed by SIGBUS +++ [pid 5437] +++ killed by SIGBUS +++ [pid 5435] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5435, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./133", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./133/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./133/binderfs") = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./133/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./133/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./133/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 87.558116][ T5436] syz-executor183[5436]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.582843][ T5436] loop0: detected capacity change from 0 to 2048 [ 87.594563][ T5436] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./133/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./133") = 0 mkdir("./134", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5438 ./strace-static-x86_64: Process 5438 attached [pid 5438] set_robust_list(0x5555562186a0, 24) = 0 [pid 5438] chdir("./134") = 0 [pid 5438] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5438] setpgid(0, 0) = 0 [pid 5438] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5438] write(3, "1000", 4) = 4 [pid 5438] close(3) = 0 [pid 5438] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5438] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5438] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5438] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5438] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5439 attached => {parent_tid=[5439]}, 88) = 5439 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5439] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5438] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... rseq resumed>) = 0 [pid 5438] <... futex resumed>) = 0 [pid 5439] set_robust_list(0x7f3dc90769a0, 24 [pid 5438] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5439] <... set_robust_list resumed>) = 0 [pid 5439] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5439] memfd_create("syzkaller", 0) = 3 [pid 5439] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5439] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5439] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5439] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5439] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5439] close(3) = 0 [pid 5439] mkdir("./file0", 0777) = 0 [ 87.673389][ T5439] syz-executor183[5439]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 87.710179][ T5439] loop0: detected capacity change from 0 to 2048 [pid 5439] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5439] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5439] chdir("./file0") = 0 [pid 5439] ioctl(4, LOOP_CLR_FD) = 0 [pid 5439] close(4) = 0 [pid 5439] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5438] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... open resumed>) = 4 [pid 5439] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = 0 [pid 5438] <... futex resumed>) = 1 [pid 5439] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5438] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5439] <... open resumed>) = 5 [pid 5439] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5438] <... futex resumed>) = 0 [pid 5439] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5438] <... futex resumed>) = 0 [pid 5439] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5438] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5439] <... mmap resumed>) = 0x20000000 [pid 5438] <... futex resumed>) = 0 [pid 5438] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5438] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5439] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5439] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5438] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5438] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5440 attached => {parent_tid=[5440]}, 88) = 5440 [pid 5440] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5438] rt_sigprocmask(SIG_SETMASK, [], [pid 5440] <... rseq resumed>) = 0 [pid 5440] set_robust_list(0x7f3dc0d559a0, 24 [pid 5438] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5440] <... set_robust_list resumed>) = 0 [pid 5438] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5440] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5438] <... futex resumed>) = 0 [pid 5440] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5438] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5439] <... futex resumed>) = ? [pid 5439] +++ killed by SIGBUS +++ [pid 5440] +++ killed by SIGBUS +++ [pid 5438] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5438, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./134", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./134/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./134/binderfs") = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./134/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./134/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./134/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./134/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./134") = 0 mkdir("./135", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5441 [ 87.727312][ T5439] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ./strace-static-x86_64: Process 5441 attached [pid 5441] set_robust_list(0x5555562186a0, 24) = 0 [pid 5441] chdir("./135") = 0 [pid 5441] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5441] setpgid(0, 0) = 0 [pid 5441] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5441] write(3, "1000", 4) = 4 [pid 5441] close(3) = 0 [pid 5441] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5441] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5441] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5441] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5442 attached => {parent_tid=[5442]}, 88) = 5442 [pid 5442] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5442] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5442] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5441] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] <... futex resumed>) = 0 [pid 5441] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5442] memfd_create("syzkaller", 0) = 3 [pid 5442] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5442] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5442] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5442] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [ 87.806604][ T5442] syz-executor183[5442]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [pid 5442] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5442] close(3) = 0 [pid 5442] mkdir("./file0", 0777) = 0 [pid 5442] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5442] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5442] chdir("./file0") = 0 [pid 5442] ioctl(4, LOOP_CLR_FD) = 0 [pid 5442] close(4) = 0 [pid 5442] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5441] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... open resumed>) = 4 [pid 5442] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5441] <... futex resumed>) = 0 [pid 5442] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5441] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5442] <... open resumed>) = 5 [pid 5442] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5442] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] <... futex resumed>) = 0 [pid 5441] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5442] <... futex resumed>) = 0 [pid 5441] <... futex resumed>) = 1 [pid 5442] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5442] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5442] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5441] <... futex resumed>) = 0 [pid 5441] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5441] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5441] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5441] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5443 attached => {parent_tid=[5443]}, 88) = 5443 [pid 5443] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5443] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5441] rt_sigprocmask(SIG_SETMASK, [], [pid 5443] rt_sigprocmask(SIG_SETMASK, [], [pid 5441] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5443] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5441] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5441] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5443] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5441] <... futex resumed>) = ? [pid 5442] <... futex resumed>) = ? [pid 5442] +++ killed by SIGBUS +++ [pid 5443] +++ killed by SIGBUS +++ [pid 5441] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5441, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./135", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./135/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./135/binderfs") = 0 [ 87.852325][ T5442] loop0: detected capacity change from 0 to 2048 [ 87.875172][ T5442] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./135/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./135/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./135/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./135/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./135") = 0 mkdir("./136", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5444 attached , child_tidptr=0x555556218690) = 5444 [pid 5444] set_robust_list(0x5555562186a0, 24) = 0 [pid 5444] chdir("./136") = 0 [pid 5444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5444] setpgid(0, 0) = 0 [pid 5444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5444] write(3, "1000", 4) = 4 [pid 5444] close(3) = 0 [pid 5444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5444] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5444] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5445]}, 88) = 5445 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5444] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5444] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5445 attached [pid 5445] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5445] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5445] memfd_create("syzkaller", 0) = 3 [pid 5445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5445] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5445] close(3) = 0 [pid 5445] mkdir("./file0", 0777) = 0 [pid 5445] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5445] chdir("./file0") = 0 [pid 5445] ioctl(4, LOOP_CLR_FD) = 0 [pid 5445] close(4) = 0 [pid 5445] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5445] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] <... futex resumed>) = 0 [pid 5445] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5445] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5445] <... futex resumed>) = 0 [pid 5444] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5445] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5445] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5444] <... futex resumed>) = 0 [pid 5445] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5444] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] <... mmap resumed>) = 0x20000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5445] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5444] <... futex resumed>) = 0 [pid 5444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5445] <... futex resumed>) = 0 [pid 5445] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5444] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5446 attached => {parent_tid=[5446]}, 88) = 5446 [pid 5446] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5444] rt_sigprocmask(SIG_SETMASK, [], [pid 5446] <... rseq resumed>) = 0 [pid 5446] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5446] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5444] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [ 87.996938][ T5445] syz-executor183[5445]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 88.019898][ T5445] loop0: detected capacity change from 0 to 2048 [ 88.032261][ T5445] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5444] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5446] <... futex resumed>) = 0 [pid 5446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5444] <... futex resumed>) = ? [pid 5445] <... futex resumed>) = ? [pid 5445] +++ killed by SIGBUS +++ [pid 5446] +++ killed by SIGBUS +++ [pid 5444] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5444, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./136", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./136/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./136/binderfs") = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./136/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./136/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./136/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./136/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./136") = 0 mkdir("./137", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5447 ./strace-static-x86_64: Process 5447 attached [pid 5447] set_robust_list(0x5555562186a0, 24) = 0 [pid 5447] chdir("./137") = 0 [pid 5447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5447] setpgid(0, 0) = 0 [pid 5447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5447] write(3, "1000", 4) = 4 [pid 5447] close(3) = 0 [pid 5447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5447] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5447] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5447] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5448]}, 88) = 5448 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5447] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5447] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5448 attached [pid 5448] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5448] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5448] memfd_create("syzkaller", 0) = 3 [pid 5448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5448] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5448] close(3) = 0 [pid 5448] mkdir("./file0", 0777) = 0 [pid 5448] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5448] chdir("./file0") = 0 [pid 5448] ioctl(4, LOOP_CLR_FD) = 0 [pid 5448] close(4) = 0 [pid 5448] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] <... futex resumed>) = 0 [pid 5448] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5447] <... futex resumed>) = 0 [pid 5448] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5447] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5448] <... open resumed>) = 4 [pid 5448] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] <... futex resumed>) = 0 [pid 5448] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5447] <... futex resumed>) = 0 [pid 5448] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5447] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5448] <... open resumed>) = 5 [pid 5448] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5447] <... futex resumed>) = 0 [pid 5448] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5447] <... futex resumed>) = 0 [pid 5448] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5447] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5448] <... mmap resumed>) = 0x20000000 [pid 5447] <... futex resumed>) = 0 [pid 5447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5448] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5447] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5448] <... futex resumed>) = 0 [pid 5447] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5447] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5448] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5447] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5449 attached => {parent_tid=[5449]}, 88) = 5449 [pid 5447] rt_sigprocmask(SIG_SETMASK, [], [pid 5449] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5447] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5449] <... rseq resumed>) = 0 [pid 5447] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5449] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5447] <... futex resumed>) = 0 [pid 5449] rt_sigprocmask(SIG_SETMASK, [], [pid 5447] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5449] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5449] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5447] <... futex resumed>) = ? [pid 5448] <... futex resumed>) = ? [pid 5448] +++ killed by SIGBUS +++ [pid 5449] +++ killed by SIGBUS +++ [pid 5447] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5447, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./137", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./137/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./137/binderfs") = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./137/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./137/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./137/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./137/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./137") = 0 [ 88.135392][ T5448] syz-executor183[5448]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 88.160564][ T5448] loop0: detected capacity change from 0 to 2048 [ 88.172488][ T5448] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./138", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5450 attached [pid 5450] set_robust_list(0x5555562186a0, 24) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5450 [pid 5450] chdir("./138") = 0 [pid 5450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5450] setpgid(0, 0) = 0 [pid 5450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5450] write(3, "1000", 4) = 4 [pid 5450] close(3) = 0 [pid 5450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5450] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5450] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5451 attached => {parent_tid=[5451]}, 88) = 5451 [pid 5451] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], [pid 5451] <... rseq resumed>) = 0 [pid 5451] set_robust_list(0x7f3dc90769a0, 24 [pid 5450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5451] <... set_robust_list resumed>) = 0 [pid 5450] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] rt_sigprocmask(SIG_SETMASK, [], [pid 5450] <... futex resumed>) = 0 [pid 5451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5450] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5451] memfd_create("syzkaller", 0) = 3 [pid 5451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5451] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5451] close(3) = 0 [pid 5451] mkdir("./file0", 0777) = 0 [pid 5451] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5451] chdir("./file0") = 0 [pid 5451] ioctl(4, LOOP_CLR_FD) = 0 [pid 5451] close(4) = 0 [pid 5451] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5450] <... futex resumed>) = 0 [pid 5451] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5450] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5451] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5450] <... futex resumed>) = 0 [pid 5451] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5450] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... open resumed>) = 4 [pid 5451] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] <... futex resumed>) = 1 [pid 5451] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5451] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5450] <... futex resumed>) = 0 [pid 5450] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5450] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5451] <... futex resumed>) = 1 [pid 5450] <... clone3 resumed> => {parent_tid=[5452]}, 88) = 5452 [pid 5450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5450] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5450] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5451] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5452] rt_sigprocmask(SIG_SETMASK, [], [pid 5451] <... futex resumed>) = 0 [pid 5451] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5452] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5450] <... futex resumed>) = ? [pid 5451] <... futex resumed>) = ? [pid 5451] +++ killed by SIGBUS +++ [pid 5452] +++ killed by SIGBUS +++ [pid 5450] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5450, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- [ 88.295415][ T5451] loop0: detected capacity change from 0 to 2048 [ 88.306923][ T5451] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./138", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./138/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./138/binderfs") = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./138/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./138/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./138/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./138/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./138") = 0 mkdir("./139", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5453 attached , child_tidptr=0x555556218690) = 5453 [pid 5453] set_robust_list(0x5555562186a0, 24) = 0 [pid 5453] chdir("./139") = 0 [pid 5453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5453] setpgid(0, 0) = 0 [pid 5453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5453] write(3, "1000", 4) = 4 [pid 5453] close(3) = 0 [pid 5453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5453] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5453] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5454]}, 88) = 5454 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5453] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5454 attached [pid 5454] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5454] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5454] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5454] memfd_create("syzkaller", 0) = 3 [pid 5454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5454] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5454] close(3) = 0 [pid 5454] mkdir("./file0", 0777) = 0 [pid 5454] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5454] chdir("./file0") = 0 [pid 5454] ioctl(4, LOOP_CLR_FD) = 0 [pid 5454] close(4) = 0 [pid 5454] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5454] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... futex resumed>) = 0 [pid 5454] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5454] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... futex resumed>) = 0 [pid 5453] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5453] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5454] <... open resumed>) = 5 [pid 5454] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5453] <... futex resumed>) = 0 [pid 5454] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5454] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5454] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5453] <... futex resumed>) = 0 [pid 5454] <... mmap resumed>) = 0x20000000 [pid 5453] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5453] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5454] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5453] <... mprotect resumed>) = 0 [pid 5454] <... futex resumed>) = 0 [pid 5454] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5455]}, 88) = 5455 [pid 5453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5453] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5453] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5455 attached [pid 5455] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5455] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5454] <... futex resumed>) = ? [pid 5454] +++ killed by SIGBUS +++ [pid 5453] <... futex resumed>) = ? [pid 5455] +++ killed by SIGBUS +++ [pid 5453] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5453, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./139", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./139/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./139/binderfs") = 0 [ 88.409765][ T5454] loop0: detected capacity change from 0 to 2048 [ 88.421479][ T5454] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./139/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./139/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./139/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./139/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./139") = 0 mkdir("./140", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5456 ./strace-static-x86_64: Process 5456 attached [pid 5456] set_robust_list(0x5555562186a0, 24) = 0 [pid 5456] chdir("./140") = 0 [pid 5456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5456] setpgid(0, 0) = 0 [pid 5456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5456] write(3, "1000", 4) = 4 [pid 5456] close(3) = 0 [pid 5456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5456] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5456] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5457 attached [pid 5457] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5457] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5457] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] <... clone3 resumed> => {parent_tid=[5457]}, 88) = 5457 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5456] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5457] memfd_create("syzkaller", 0 [pid 5456] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5457] <... memfd_create resumed>) = 3 [pid 5457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5457] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5457] close(3) = 0 [pid 5457] mkdir("./file0", 0777) = 0 [pid 5457] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5457] chdir("./file0") = 0 [pid 5457] ioctl(4, LOOP_CLR_FD) = 0 [pid 5457] close(4) = 0 [pid 5457] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5456] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5457] <... futex resumed>) = 1 [pid 5457] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5457] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5457] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5457] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5457] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5457] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5456] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... futex resumed>) = 0 [pid 5456] <... futex resumed>) = 1 [pid 5457] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5456] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5457] <... mmap resumed>) = 0x20000000 [pid 5456] <... futex resumed>) = 0 [pid 5457] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5457] <... futex resumed>) = 0 [pid 5457] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5456] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5456] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5458 attached [pid 5458] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5456] <... clone3 resumed> => {parent_tid=[5458]}, 88) = 5458 [pid 5458] <... rseq resumed>) = 0 [pid 5456] rt_sigprocmask(SIG_SETMASK, [], [pid 5458] set_robust_list(0x7f3dc0d559a0, 24 [pid 5456] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5458] <... set_robust_list resumed>) = 0 [pid 5456] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5458] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5456] <... futex resumed>) = 0 [pid 5456] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5457] <... futex resumed>) = ? [pid 5456] <... futex resumed>) = ? [pid 5458] +++ killed by SIGBUS +++ [pid 5457] +++ killed by SIGBUS +++ [pid 5456] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5456, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./140", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 88.528566][ T5457] loop0: detected capacity change from 0 to 2048 [ 88.539708][ T5457] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./140/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./140/binderfs") = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./140/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./140/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./140/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./140/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./140") = 0 mkdir("./141", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5459 attached [pid 5459] set_robust_list(0x5555562186a0, 24) = 0 [pid 5459] chdir("./141") = 0 [pid 5459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5459] setpgid(0, 0) = 0 [pid 5459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5459 [pid 5459] <... openat resumed>) = 3 [pid 5459] write(3, "1000", 4) = 4 [pid 5459] close(3) = 0 [pid 5459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5459] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5459] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5460 attached [pid 5460] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5459] <... clone3 resumed> => {parent_tid=[5460]}, 88) = 5460 [pid 5460] <... rseq resumed>) = 0 [pid 5460] set_robust_list(0x7f3dc90769a0, 24 [pid 5459] rt_sigprocmask(SIG_SETMASK, [], [pid 5460] <... set_robust_list resumed>) = 0 [pid 5460] rt_sigprocmask(SIG_SETMASK, [], [pid 5459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5460] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5459] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] memfd_create("syzkaller", 0 [pid 5459] <... futex resumed>) = 0 [pid 5460] <... memfd_create resumed>) = 3 [pid 5459] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5460] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5460] close(3) = 0 [pid 5460] mkdir("./file0", 0777) = 0 [pid 5460] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5460] chdir("./file0") = 0 [pid 5460] ioctl(4, LOOP_CLR_FD) = 0 [pid 5460] close(4) = 0 [pid 5460] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] <... futex resumed>) = 0 [pid 5460] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5460] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5460] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5460] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5460] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] <... futex resumed>) = 0 [pid 5459] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5460] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5460] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5459] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5460] <... open resumed>) = 5 [pid 5460] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5459] <... futex resumed>) = 0 [pid 5460] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5459] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5460] <... mmap resumed>) = 0x20000000 [pid 5460] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5460] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5459] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5461 attached => {parent_tid=[5461]}, 88) = 5461 [pid 5459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5461] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5461] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5461] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5459] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5461] <... futex resumed>) = 0 [pid 5459] <... futex resumed>) = 1 [pid 5461] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5460] <... futex resumed>) = ? [pid 5460] +++ killed by SIGBUS +++ [pid 5461] +++ killed by SIGBUS +++ [pid 5459] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./141", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./141/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./141/binderfs") = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./141/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./141/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./141/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./141/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 88.650508][ T5460] loop0: detected capacity change from 0 to 2048 [ 88.662210][ T5460] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./141") = 0 mkdir("./142", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5462 ./strace-static-x86_64: Process 5462 attached [pid 5462] set_robust_list(0x5555562186a0, 24) = 0 [pid 5462] chdir("./142") = 0 [pid 5462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5462] setpgid(0, 0) = 0 [pid 5462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5462] write(3, "1000", 4) = 4 [pid 5462] close(3) = 0 [pid 5462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5462] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5462] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5463 attached => {parent_tid=[5463]}, 88) = 5463 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5463] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5463] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5463] memfd_create("syzkaller", 0) = 3 [pid 5463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5463] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5463] close(3) = 0 [pid 5463] mkdir("./file0", 0777) = 0 [pid 5463] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5463] chdir("./file0") = 0 [pid 5463] ioctl(4, LOOP_CLR_FD) = 0 [pid 5463] close(4) = 0 [pid 5463] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5463] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5463] <... futex resumed>) = 1 [pid 5462] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5463] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5463] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... futex resumed>) = 0 [pid 5462] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5463] <... futex resumed>) = 1 [pid 5463] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5462] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5462] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5463] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5462] <... mprotect resumed>) = 0 [pid 5463] <... futex resumed>) = 0 [pid 5463] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5464]}, 88) = 5464 [pid 5462] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5462] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5462] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5464 attached [pid 5464] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5464] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5464] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5464] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5463] <... futex resumed>) = ? [pid 5462] <... futex resumed>) = ? [pid 5464] +++ killed by SIGBUS +++ [pid 5463] +++ killed by SIGBUS +++ [pid 5462] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5462, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./142", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./142/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./142/binderfs") = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./142/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./142/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./142/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 [ 88.765397][ T5463] loop0: detected capacity change from 0 to 2048 [ 88.777698][ T5463] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(4) = 0 rmdir("./142/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./142") = 0 mkdir("./143", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5465 attached , child_tidptr=0x555556218690) = 5465 [pid 5465] set_robust_list(0x5555562186a0, 24) = 0 [pid 5465] chdir("./143") = 0 [pid 5465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5465] setpgid(0, 0) = 0 [pid 5465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5465] write(3, "1000", 4) = 4 [pid 5465] close(3) = 0 [pid 5465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5465] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5465] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5466 attached => {parent_tid=[5466]}, 88) = 5466 [pid 5466] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5465] rt_sigprocmask(SIG_SETMASK, [], [pid 5466] <... rseq resumed>) = 0 [pid 5465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5466] set_robust_list(0x7f3dc90769a0, 24 [pid 5465] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... set_robust_list resumed>) = 0 [pid 5465] <... futex resumed>) = 0 [pid 5466] rt_sigprocmask(SIG_SETMASK, [], [pid 5465] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5466] memfd_create("syzkaller", 0) = 3 [pid 5466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5466] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5466] close(3) = 0 [pid 5466] mkdir("./file0", 0777) = 0 [pid 5466] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5466] chdir("./file0") = 0 [pid 5466] ioctl(4, LOOP_CLR_FD) = 0 [pid 5466] close(4) = 0 [pid 5466] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] <... futex resumed>) = 0 [pid 5465] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5465] <... futex resumed>) = 1 [pid 5466] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5465] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] <... open resumed>) = 4 [pid 5466] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5466] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5465] <... futex resumed>) = 0 [pid 5465] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5466] <... futex resumed>) = 0 [pid 5465] <... futex resumed>) = 1 [pid 5465] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5466] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5466] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5465] <... futex resumed>) = 0 [pid 5465] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5466] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5465] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5466] <... mmap resumed>) = 0x20000000 [pid 5465] <... mprotect resumed>) = 0 [pid 5465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5466] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5466] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5467 attached [pid 5465] <... clone3 resumed> => {parent_tid=[5467]}, 88) = 5467 [pid 5465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5465] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5465] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5467] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5467] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5467] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5466] <... futex resumed>) = ? [pid 5465] <... futex resumed>) = ? [pid 5467] +++ killed by SIGBUS +++ [pid 5466] +++ killed by SIGBUS +++ [pid 5465] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./143", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./143/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./143/binderfs") = 0 [ 88.871206][ T5466] loop0: detected capacity change from 0 to 2048 [ 88.881776][ T5466] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./143/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./143/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./143/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./143/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./143") = 0 mkdir("./144", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5468 attached , child_tidptr=0x555556218690) = 5468 [pid 5468] set_robust_list(0x5555562186a0, 24) = 0 [pid 5468] chdir("./144") = 0 [pid 5468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5468] setpgid(0, 0) = 0 [pid 5468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5468] write(3, "1000", 4) = 4 [pid 5468] close(3) = 0 [pid 5468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5468] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5468] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5469]}, 88) = 5469 ./strace-static-x86_64: Process 5469 attached [pid 5468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5468] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5469] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5469] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5469] memfd_create("syzkaller", 0) = 3 [pid 5469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5469] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5469] close(3) = 0 [pid 5469] mkdir("./file0", 0777) = 0 [pid 5469] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5469] chdir("./file0") = 0 [pid 5469] ioctl(4, LOOP_CLR_FD) = 0 [pid 5469] close(4) = 0 [pid 5469] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5468] <... futex resumed>) = 0 [pid 5469] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5469] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... open resumed>) = 4 [pid 5469] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5468] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5469] <... futex resumed>) = 1 [pid 5469] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5469] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5468] <... futex resumed>) = 0 [pid 5468] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] <... futex resumed>) = 1 [pid 5468] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5469] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5468] <... futex resumed>) = 0 [pid 5469] <... mmap resumed>) = 0x20000000 [pid 5468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5468] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5469] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5469] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5470 attached => {parent_tid=[5470]}, 88) = 5470 [pid 5470] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5468] rt_sigprocmask(SIG_SETMASK, [], [pid 5470] set_robust_list(0x7f3dc0d559a0, 24 [pid 5468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5470] <... set_robust_list resumed>) = 0 [pid 5468] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5470] rt_sigprocmask(SIG_SETMASK, [], [pid 5468] <... futex resumed>) = 0 [pid 5470] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5468] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5469] <... futex resumed>) = ? [pid 5469] +++ killed by SIGBUS +++ [pid 5468] <... futex resumed>) = ? [pid 5470] +++ killed by SIGBUS +++ [pid 5468] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5468, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./144", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./144/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./144/binderfs") = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./144/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./144/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./144/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./144/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./144") = 0 mkdir("./145", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5471 ./strace-static-x86_64: Process 5471 attached [pid 5471] set_robust_list(0x5555562186a0, 24) = 0 [pid 5471] chdir("./145") = 0 [pid 5471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5471] setpgid(0, 0) = 0 [ 88.967116][ T5469] loop0: detected capacity change from 0 to 2048 [ 88.979070][ T5469] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5471] write(3, "1000", 4) = 4 [pid 5471] close(3) = 0 [pid 5471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5471] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5471] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5472]}, 88) = 5472 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5471] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5472 attached [pid 5472] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5472] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5472] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5472] memfd_create("syzkaller", 0) = 3 [pid 5472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5472] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5472] close(3) = 0 [pid 5472] mkdir("./file0", 0777) = 0 [pid 5472] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5472] chdir("./file0") = 0 [pid 5472] ioctl(4, LOOP_CLR_FD) = 0 [pid 5472] close(4) = 0 [pid 5472] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] <... futex resumed>) = 0 [pid 5471] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5472] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5471] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... open resumed>) = 4 [pid 5472] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5472] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] <... futex resumed>) = 0 [pid 5471] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5472] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5471] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5471] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5472] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... futex resumed>) = 0 [pid 5471] <... futex resumed>) = 1 [pid 5472] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5471] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5472] <... mmap resumed>) = 0x20000000 [pid 5471] <... futex resumed>) = 0 [pid 5472] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5472] <... futex resumed>) = 0 [pid 5472] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5471] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5471] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5473 attached [pid 5473] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5471] <... clone3 resumed> => {parent_tid=[5473]}, 88) = 5473 [pid 5473] <... rseq resumed>) = 0 [pid 5471] rt_sigprocmask(SIG_SETMASK, [], [pid 5473] set_robust_list(0x7f3dc0d559a0, 24 [pid 5471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5473] <... set_robust_list resumed>) = 0 [pid 5473] rt_sigprocmask(SIG_SETMASK, [], [pid 5471] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5473] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5471] <... futex resumed>) = 0 [pid 5473] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5471] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5472] <... futex resumed>) = ? [pid 5471] <... futex resumed>) = ? [pid 5472] +++ killed by SIGBUS +++ [pid 5473] +++ killed by SIGBUS +++ [pid 5471] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./145", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./145/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./145/binderfs") = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./145/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./145/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./145/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./145/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./145") = 0 mkdir("./146", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 [ 89.072144][ T5472] loop0: detected capacity change from 0 to 2048 [ 89.083635][ T5472] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5474 attached , child_tidptr=0x555556218690) = 5474 [pid 5474] set_robust_list(0x5555562186a0, 24) = 0 [pid 5474] chdir("./146") = 0 [pid 5474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5474] setpgid(0, 0) = 0 [pid 5474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5474] write(3, "1000", 4) = 4 [pid 5474] close(3) = 0 [pid 5474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5474] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5474] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5475 attached [pid 5475] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5474] <... clone3 resumed> => {parent_tid=[5475]}, 88) = 5475 [pid 5475] <... rseq resumed>) = 0 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], [pid 5475] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5475] rt_sigprocmask(SIG_SETMASK, [], [pid 5474] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5475] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5474] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] memfd_create("syzkaller", 0 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5475] <... memfd_create resumed>) = 3 [pid 5475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5475] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5475] close(3) = 0 [pid 5475] mkdir("./file0", 0777) = 0 [pid 5475] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5475] chdir("./file0") = 0 [pid 5475] ioctl(4, LOOP_CLR_FD) = 0 [pid 5475] close(4) = 0 [pid 5475] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] <... futex resumed>) = 0 [pid 5475] <... futex resumed>) = 1 [pid 5474] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5474] <... futex resumed>) = 0 [pid 5474] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... open resumed>) = 4 [pid 5475] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5475] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] <... futex resumed>) = 0 [pid 5475] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5474] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5475] <... open resumed>) = 5 [pid 5475] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5474] <... futex resumed>) = 0 [pid 5475] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5474] <... futex resumed>) = 0 [pid 5475] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5474] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5475] <... mmap resumed>) = 0x20000000 [pid 5474] <... futex resumed>) = 0 [pid 5475] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5475] <... futex resumed>) = 0 [pid 5474] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5475] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5474] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5476]}, 88) = 5476 [pid 5474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5474] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5474] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5476 attached [pid 5476] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5476] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5476] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5475] <... futex resumed>) = ? [pid 5474] <... futex resumed>) = ? [pid 5475] +++ killed by SIGBUS +++ [pid 5476] +++ killed by SIGBUS +++ [pid 5474] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5474, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./146", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./146/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./146/binderfs") = 0 [ 89.182414][ T5475] loop0: detected capacity change from 0 to 2048 [ 89.194360][ T5475] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./146/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./146/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./146/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./146/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./146") = 0 mkdir("./147", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5477 ./strace-static-x86_64: Process 5477 attached [pid 5477] set_robust_list(0x5555562186a0, 24) = 0 [pid 5477] chdir("./147") = 0 [pid 5477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5477] setpgid(0, 0) = 0 [pid 5477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5477] write(3, "1000", 4) = 4 [pid 5477] close(3) = 0 [pid 5477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5477] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5477] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5477] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5478 attached [pid 5478] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5477] <... clone3 resumed> => {parent_tid=[5478]}, 88) = 5478 [pid 5478] <... rseq resumed>) = 0 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5478] set_robust_list(0x7f3dc90769a0, 24 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5478] <... set_robust_list resumed>) = 0 [pid 5477] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] rt_sigprocmask(SIG_SETMASK, [], [pid 5477] <... futex resumed>) = 0 [pid 5478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5477] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5478] memfd_create("syzkaller", 0) = 3 [pid 5478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5478] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5478] close(3) = 0 [pid 5478] mkdir("./file0", 0777) = 0 [pid 5478] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5478] chdir("./file0") = 0 [pid 5478] ioctl(4, LOOP_CLR_FD) = 0 [pid 5478] close(4) = 0 [pid 5478] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5478] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5477] <... futex resumed>) = 1 [pid 5477] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5478] <... open resumed>) = 4 [pid 5478] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5478] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... futex resumed>) = 0 [pid 5477] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = 1 [pid 5478] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5478] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5478] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5477] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5478] <... futex resumed>) = 0 [pid 5477] <... futex resumed>) = 1 [pid 5478] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5478] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5477] <... futex resumed>) = 0 [pid 5478] <... futex resumed>) = 0 [pid 5477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5478] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5477] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5477] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5479 attached => {parent_tid=[5479]}, 88) = 5479 [pid 5479] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5477] rt_sigprocmask(SIG_SETMASK, [], [pid 5479] <... rseq resumed>) = 0 [pid 5477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5479] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5477] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5479] rt_sigprocmask(SIG_SETMASK, [], [pid 5477] <... futex resumed>) = 0 [pid 5479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5477] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5479] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5478] <... futex resumed>) = ? [pid 5478] +++ killed by SIGBUS +++ [pid 5479] +++ killed by SIGBUS +++ [pid 5477] <... futex resumed>) = ? [pid 5477] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5477, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./147", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./147/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./147/binderfs") = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./147/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./147/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./147/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./147/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./147") = 0 mkdir("./148", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5480 ./strace-static-x86_64: Process 5480 attached [pid 5480] set_robust_list(0x5555562186a0, 24) = 0 [ 89.297521][ T5478] loop0: detected capacity change from 0 to 2048 [ 89.308923][ T5478] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5480] chdir("./148") = 0 [pid 5480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5480] setpgid(0, 0) = 0 [pid 5480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5480] write(3, "1000", 4) = 4 [pid 5480] close(3) = 0 [pid 5480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5480] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5480] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5481 attached [pid 5481] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5480] <... clone3 resumed> => {parent_tid=[5481]}, 88) = 5481 [pid 5480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5480] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... rseq resumed>) = 0 [pid 5481] set_robust_list(0x7f3dc90769a0, 24 [pid 5480] <... futex resumed>) = 0 [pid 5481] <... set_robust_list resumed>) = 0 [pid 5480] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5481] memfd_create("syzkaller", 0) = 3 [pid 5481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5481] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5481] close(3) = 0 [pid 5481] mkdir("./file0", 0777) = 0 [pid 5481] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5481] chdir("./file0") = 0 [pid 5481] ioctl(4, LOOP_CLR_FD) = 0 [pid 5481] close(4) = 0 [pid 5481] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5480] <... futex resumed>) = 0 [pid 5481] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5480] <... futex resumed>) = 0 [pid 5481] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5480] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5481] <... open resumed>) = 4 [pid 5481] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] <... futex resumed>) = 0 [pid 5480] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5481] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5481] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5480] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5480] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5481] <... futex resumed>) = 0 [pid 5481] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5480] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5482]}, 88) = 5482 [pid 5480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5480] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5480] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5482 attached [pid 5482] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5482] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5481] <... futex resumed>) = ? [pid 5480] <... futex resumed>) = ? [pid 5482] +++ killed by SIGBUS +++ [pid 5481] +++ killed by SIGBUS +++ [pid 5480] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5480, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./148", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./148/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./148/binderfs") = 0 [ 89.400473][ T5481] loop0: detected capacity change from 0 to 2048 [ 89.411021][ T5481] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./148/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./148/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./148/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./148/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./148") = 0 mkdir("./149", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5483 attached , child_tidptr=0x555556218690) = 5483 [pid 5483] set_robust_list(0x5555562186a0, 24) = 0 [pid 5483] chdir("./149") = 0 [pid 5483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5483] setpgid(0, 0) = 0 [pid 5483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5483] write(3, "1000", 4) = 4 [pid 5483] close(3) = 0 [pid 5483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5483] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5483] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5484]}, 88) = 5484 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5483] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5484 attached [pid 5484] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5484] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5484] memfd_create("syzkaller", 0) = 3 [pid 5484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5484] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5484] close(3) = 0 [pid 5484] mkdir("./file0", 0777) = 0 [pid 5484] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5484] chdir("./file0") = 0 [pid 5484] ioctl(4, LOOP_CLR_FD) = 0 [pid 5484] close(4) = 0 [pid 5484] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5484] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] <... futex resumed>) = 0 [pid 5483] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = 0 [pid 5483] <... futex resumed>) = 1 [pid 5484] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5483] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... open resumed>) = 4 [pid 5484] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5483] <... futex resumed>) = 0 [pid 5484] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5483] <... futex resumed>) = 0 [pid 5484] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5483] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5484] <... open resumed>) = 5 [pid 5484] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5484] <... futex resumed>) = 0 [pid 5483] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5484] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5483] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5483] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5484] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5483] <... mprotect resumed>) = 0 [pid 5484] <... futex resumed>) = 0 [pid 5484] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5485 attached [pid 5485] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5485] set_robust_list(0x7f3dc0d559a0, 24 [pid 5483] <... clone3 resumed> => {parent_tid=[5485]}, 88) = 5485 [pid 5483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5483] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5485] <... set_robust_list resumed>) = 0 [pid 5485] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5483] <... futex resumed>) = 0 [pid 5484] <... futex resumed>) = ? [pid 5484] +++ killed by SIGBUS +++ [pid 5485] +++ killed by SIGBUS +++ [pid 5483] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./149", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./149/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./149/binderfs") = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./149/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 89.502082][ T5484] loop0: detected capacity change from 0 to 2048 [ 89.513154][ T5484] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./149/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./149/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./149/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./149") = 0 mkdir("./150", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5486 ./strace-static-x86_64: Process 5486 attached [pid 5486] set_robust_list(0x5555562186a0, 24) = 0 [pid 5486] chdir("./150") = 0 [pid 5486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5486] setpgid(0, 0) = 0 [pid 5486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5486] write(3, "1000", 4) = 4 [pid 5486] close(3) = 0 [pid 5486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5486] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5486] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5487]}, 88) = 5487 ./strace-static-x86_64: Process 5487 attached [pid 5486] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5486] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5487] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5487] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5487] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5487] memfd_create("syzkaller", 0) = 3 [pid 5487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5487] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5487] close(3) = 0 [pid 5487] mkdir("./file0", 0777) = 0 [pid 5487] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5487] chdir("./file0") = 0 [pid 5487] ioctl(4, LOOP_CLR_FD) = 0 [pid 5487] close(4) = 0 [pid 5487] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5487] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5486] <... futex resumed>) = 1 [pid 5486] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] <... open resumed>) = 4 [pid 5487] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5487] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5487] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5487] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] <... futex resumed>) = 0 [pid 5486] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... futex resumed>) = 0 [pid 5486] <... futex resumed>) = 1 [pid 5487] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5486] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5487] <... mmap resumed>) = 0x20000000 [pid 5486] <... futex resumed>) = 0 [pid 5486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5486] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5487] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5486] <... mprotect resumed>) = 0 [pid 5487] <... futex resumed>) = 0 [pid 5487] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5488 attached [pid 5488] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5486] <... clone3 resumed> => {parent_tid=[5488]}, 88) = 5488 [pid 5488] <... rseq resumed>) = 0 [pid 5486] rt_sigprocmask(SIG_SETMASK, [], [pid 5488] set_robust_list(0x7f3dc0d559a0, 24 [pid 5486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5488] <... set_robust_list resumed>) = 0 [pid 5486] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5486] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5488] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5487] <... futex resumed>) = ? [pid 5488] +++ killed by SIGBUS +++ [pid 5487] +++ killed by SIGBUS +++ [pid 5486] <... futex resumed>) = ? [pid 5486] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5486, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./150", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./150/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./150/binderfs") = 0 [ 89.614187][ T5487] loop0: detected capacity change from 0 to 2048 [ 89.625830][ T5487] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./150/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./150/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./150/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./150/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./150") = 0 mkdir("./151", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5489 attached , child_tidptr=0x555556218690) = 5489 [pid 5489] set_robust_list(0x5555562186a0, 24) = 0 [pid 5489] chdir("./151") = 0 [pid 5489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5489] setpgid(0, 0) = 0 [pid 5489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5489] write(3, "1000", 4) = 4 [pid 5489] close(3) = 0 [pid 5489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5489] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5489] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5490 attached => {parent_tid=[5490]}, 88) = 5490 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5489] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5490] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5489] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5490] <... rseq resumed>) = 0 [pid 5490] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5490] memfd_create("syzkaller", 0) = 3 [pid 5490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5490] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5490] close(3) = 0 [pid 5490] mkdir("./file0", 0777) = 0 [pid 5490] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5490] chdir("./file0") = 0 [pid 5490] ioctl(4, LOOP_CLR_FD) = 0 [pid 5490] close(4) = 0 [pid 5490] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5489] <... futex resumed>) = 1 [pid 5490] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5489] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... open resumed>) = 4 [pid 5490] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5490] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] <... futex resumed>) = 0 [pid 5489] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5489] <... futex resumed>) = 1 [pid 5490] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5490] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5489] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5490] <... futex resumed>) = 0 [pid 5490] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5489] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... futex resumed>) = 0 [pid 5489] <... futex resumed>) = 1 [pid 5490] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5489] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5490] <... mmap resumed>) = 0x20000000 [pid 5490] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] <... futex resumed>) = 0 [pid 5490] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5489] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5491 attached => {parent_tid=[5491]}, 88) = 5491 [pid 5489] rt_sigprocmask(SIG_SETMASK, [], [pid 5491] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5489] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5489] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5489] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5491] <... rseq resumed>) = 0 [pid 5491] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5491] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5489] <... futex resumed>) = ? [pid 5491] +++ killed by SIGBUS +++ [pid 5490] <... futex resumed>) = ? [pid 5490] +++ killed by SIGBUS +++ [pid 5489] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5489, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./151", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./151/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./151/binderfs") = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./151/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./151/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./151/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./151/file0") = 0 [ 89.747696][ T5490] loop0: detected capacity change from 0 to 2048 [ 89.759829][ T5490] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./151") = 0 mkdir("./152", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5492 attached , child_tidptr=0x555556218690) = 5492 [pid 5492] set_robust_list(0x5555562186a0, 24) = 0 [pid 5492] chdir("./152") = 0 [pid 5492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5492] setpgid(0, 0) = 0 [pid 5492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5492] write(3, "1000", 4) = 4 [pid 5492] close(3) = 0 [pid 5492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5492] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5492] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5493]}, 88) = 5493 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5492] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5493 attached [pid 5493] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5493] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5493] memfd_create("syzkaller", 0) = 3 [pid 5493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5493] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5493] close(3) = 0 [pid 5493] mkdir("./file0", 0777) = 0 [pid 5493] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5493] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5493] chdir("./file0") = 0 [pid 5493] ioctl(4, LOOP_CLR_FD) = 0 [pid 5493] close(4) = 0 [pid 5493] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] <... open resumed>) = 4 [pid 5493] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5492] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5493] <... futex resumed>) = 0 [pid 5492] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5493] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5493] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5492] <... futex resumed>) = 0 [pid 5493] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5492] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5493] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5492] <... futex resumed>) = 0 [pid 5492] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5492] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5493] <... mmap resumed>) = 0x20000000 [pid 5492] <... mprotect resumed>) = 0 [pid 5493] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5494 attached [pid 5494] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5492] <... clone3 resumed> => {parent_tid=[5494]}, 88) = 5494 [pid 5494] <... rseq resumed>) = 0 [pid 5492] rt_sigprocmask(SIG_SETMASK, [], [pid 5494] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5492] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5492] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5492] <... futex resumed>) = 0 [pid 5494] +++ killed by SIGBUS +++ [pid 5493] +++ killed by SIGBUS +++ [pid 5492] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5492, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./152", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./152/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./152/binderfs") = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./152/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./152/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./152/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./152/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./152") = 0 mkdir("./153", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5495 attached , child_tidptr=0x555556218690) = 5495 [pid 5495] set_robust_list(0x5555562186a0, 24) = 0 [pid 5495] chdir("./153") = 0 [pid 5495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5495] setpgid(0, 0) = 0 [pid 5495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5495] write(3, "1000", 4) = 4 [pid 5495] close(3) = 0 [pid 5495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5495] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5495] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5496 attached [pid 5496] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5495] <... clone3 resumed> => {parent_tid=[5496]}, 88) = 5496 [pid 5496] <... rseq resumed>) = 0 [ 89.864802][ T5493] loop0: detected capacity change from 0 to 2048 [ 89.877026][ T5493] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5495] rt_sigprocmask(SIG_SETMASK, [], [pid 5496] set_robust_list(0x7f3dc90769a0, 24 [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5496] <... set_robust_list resumed>) = 0 [pid 5495] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] <... futex resumed>) = 0 [pid 5496] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5495] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5496] memfd_create("syzkaller", 0) = 3 [pid 5496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5496] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5496] close(3) = 0 [pid 5496] mkdir("./file0", 0777) = 0 [pid 5496] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5496] chdir("./file0") = 0 [pid 5496] ioctl(4, LOOP_CLR_FD) = 0 [pid 5496] close(4) = 0 [pid 5496] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5496] <... futex resumed>) = 1 [pid 5496] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5496] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5495] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5496] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5496] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... futex resumed>) = 0 [pid 5496] <... futex resumed>) = 1 [pid 5496] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5495] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5496] <... mmap resumed>) = 0x20000000 [pid 5495] <... futex resumed>) = 0 [pid 5495] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5495] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5496] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5495] <... mprotect resumed>) = 0 [pid 5496] <... futex resumed>) = 0 [pid 5496] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5497 attached [pid 5497] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5495] <... clone3 resumed> => {parent_tid=[5497]}, 88) = 5497 [pid 5497] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5495] rt_sigprocmask(SIG_SETMASK, [], [pid 5497] rt_sigprocmask(SIG_SETMASK, [], [pid 5495] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5497] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5497] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5495] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5495] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5496] <... futex resumed>) = ? [pid 5495] <... futex resumed>) = ? [pid 5497] +++ killed by SIGBUS +++ [pid 5496] +++ killed by SIGBUS +++ [pid 5495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./153", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./153/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./153/binderfs") = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./153/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./153/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./153/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./153/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./153") = 0 mkdir("./154", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 89.948857][ T5496] loop0: detected capacity change from 0 to 2048 [ 89.961862][ T5496] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5498 ./strace-static-x86_64: Process 5498 attached [pid 5498] set_robust_list(0x5555562186a0, 24) = 0 [pid 5498] chdir("./154") = 0 [pid 5498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5498] setpgid(0, 0) = 0 [pid 5498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5498] write(3, "1000", 4) = 4 [pid 5498] close(3) = 0 [pid 5498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5498] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5498] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5499]}, 88) = 5499 ./strace-static-x86_64: Process 5499 attached [pid 5498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5499] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5499] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5499] memfd_create("syzkaller", 0) = 3 [pid 5499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5499] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5499] close(3) = 0 [pid 5499] mkdir("./file0", 0777) = 0 [pid 5499] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5499] chdir("./file0") = 0 [pid 5499] ioctl(4, LOOP_CLR_FD) = 0 [pid 5499] close(4) = 0 [pid 5499] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5499] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5499] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5498] <... futex resumed>) = 0 [pid 5499] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5498] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5499] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5499] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] <... futex resumed>) = 0 [pid 5498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5499] <... futex resumed>) = 0 [pid 5499] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5498] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5498] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5499] <... mmap resumed>) = 0x20000000 [pid 5498] <... mprotect resumed>) = 0 [pid 5498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5499] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5499] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5498] <... clone3 resumed> => {parent_tid=[5500]}, 88) = 5500 [pid 5498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5498] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5498] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5500 attached [pid 5500] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5500] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5500] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5499] <... futex resumed>) = ? [pid 5498] <... futex resumed>) = ? [pid 5499] +++ killed by SIGBUS +++ [pid 5500] +++ killed by SIGBUS +++ [pid 5498] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5498, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./154", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./154/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./154/binderfs") = 0 [ 90.051314][ T5499] loop0: detected capacity change from 0 to 2048 [ 90.062804][ T5499] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./154/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./154/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./154/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./154/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./154") = 0 mkdir("./155", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5501 attached , child_tidptr=0x555556218690) = 5501 [pid 5501] set_robust_list(0x5555562186a0, 24) = 0 [pid 5501] chdir("./155") = 0 [pid 5501] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5501] setpgid(0, 0) = 0 [pid 5501] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5501] write(3, "1000", 4) = 4 [pid 5501] close(3) = 0 [pid 5501] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5501] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5501] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5501] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5502 attached => {parent_tid=[5502]}, 88) = 5502 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5501] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5502] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5502] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5502] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5502] memfd_create("syzkaller", 0) = 3 [pid 5502] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5502] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5502] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5502] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5502] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5502] close(3) = 0 [pid 5502] mkdir("./file0", 0777) = 0 [pid 5502] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5502] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5502] chdir("./file0") = 0 [pid 5502] ioctl(4, LOOP_CLR_FD) = 0 [pid 5502] close(4) = 0 [pid 5502] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5502] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] <... futex resumed>) = 0 [pid 5502] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5502] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5501] <... futex resumed>) = 0 [pid 5502] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5502] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5501] <... futex resumed>) = 0 [pid 5502] <... open resumed>) = 5 [pid 5501] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5502] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5501] <... futex resumed>) = 0 [pid 5501] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5502] <... futex resumed>) = 1 [pid 5502] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5501] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5501] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5502] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5502] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5501] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5501] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5503 attached => {parent_tid=[5503]}, 88) = 5503 [pid 5503] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5503] set_robust_list(0x7f3dc0d559a0, 24 [pid 5501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5501] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5501] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5503] <... set_robust_list resumed>) = 0 [pid 5503] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5503] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5501] <... futex resumed>) = ? [pid 5502] <... futex resumed>) = ? [pid 5502] +++ killed by SIGBUS +++ [pid 5503] +++ killed by SIGBUS +++ [pid 5501] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5501, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./155", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./155", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./155/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./155/binderfs") = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./155/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./155/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 90.166059][ T5502] loop0: detected capacity change from 0 to 2048 [ 90.176260][ T5502] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./155/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./155/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./155") = 0 mkdir("./156", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5504 attached , child_tidptr=0x555556218690) = 5504 [pid 5504] set_robust_list(0x5555562186a0, 24) = 0 [pid 5504] chdir("./156") = 0 [pid 5504] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5504] setpgid(0, 0) = 0 [pid 5504] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5504] write(3, "1000", 4) = 4 [pid 5504] close(3) = 0 [pid 5504] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5504] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5504] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5504] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5505 attached => {parent_tid=[5505]}, 88) = 5505 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5505] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5505] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5505] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5505] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5504] <... futex resumed>) = 1 [pid 5504] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5505] memfd_create("syzkaller", 0) = 3 [pid 5505] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5505] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5505] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5505] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5505] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5505] close(3) = 0 [pid 5505] mkdir("./file0", 0777) = 0 [pid 5505] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5505] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5505] chdir("./file0") = 0 [pid 5505] ioctl(4, LOOP_CLR_FD) = 0 [pid 5505] close(4) = 0 [pid 5505] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] <... futex resumed>) = 0 [pid 5504] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5505] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5505] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] <... futex resumed>) = 0 [pid 5504] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5504] <... futex resumed>) = 1 [pid 5505] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5504] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5505] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5505] <... futex resumed>) = 0 [pid 5504] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5504] <... futex resumed>) = 0 [pid 5505] <... mmap resumed>) = 0x20000000 [pid 5505] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5504] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5505] <... futex resumed>) = 0 [pid 5504] <... futex resumed>) = 0 [pid 5505] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5504] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5504] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5504] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5504] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5506 attached => {parent_tid=[5506]}, 88) = 5506 [pid 5504] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5504] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5504] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5506] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5506] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5506] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5506] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5504] <... futex resumed>) = ? [pid 5505] <... futex resumed>) = ? [pid 5505] +++ killed by SIGBUS +++ [pid 5506] +++ killed by SIGBUS +++ [pid 5504] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5504, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./156", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./156/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./156/binderfs") = 0 [ 90.317836][ T5505] loop0: detected capacity change from 0 to 2048 [ 90.330517][ T5505] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./156/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./156/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./156/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./156/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./156") = 0 mkdir("./157", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5507 attached , child_tidptr=0x555556218690) = 5507 [pid 5507] set_robust_list(0x5555562186a0, 24) = 0 [pid 5507] chdir("./157") = 0 [pid 5507] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5507] setpgid(0, 0) = 0 [pid 5507] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5507] write(3, "1000", 4) = 4 [pid 5507] close(3) = 0 [pid 5507] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5507] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5507] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5507] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5508 attached => {parent_tid=[5508]}, 88) = 5508 [pid 5507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5507] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5508] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5508] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5508] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5508] memfd_create("syzkaller", 0) = 3 [pid 5508] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5508] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5508] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5508] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5508] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5508] close(3) = 0 [pid 5508] mkdir("./file0", 0777) = 0 [pid 5508] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5508] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5508] chdir("./file0") = 0 [pid 5508] ioctl(4, LOOP_CLR_FD) = 0 [pid 5508] close(4) = 0 [pid 5508] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5507] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] <... futex resumed>) = 1 [pid 5508] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5508] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5507] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5507] <... futex resumed>) = 0 [pid 5508] <... open resumed>) = 5 [pid 5507] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5508] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] <... futex resumed>) = 0 [pid 5507] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5508] <... futex resumed>) = 1 [pid 5507] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5508] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5507] <... futex resumed>) = 0 [pid 5507] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5508] <... mmap resumed>) = 0x20000000 [pid 5507] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5507] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5507] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5508] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5507] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5508] <... futex resumed>) = 0 ./strace-static-x86_64: Process 5509 attached [pid 5509] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5508] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5509] <... rseq resumed>) = 0 [pid 5509] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5509] rt_sigprocmask(SIG_SETMASK, [], [pid 5507] <... clone3 resumed> => {parent_tid=[5509]}, 88) = 5509 [pid 5509] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5509] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5507] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5507] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5509] <... futex resumed>) = 0 [pid 5507] <... futex resumed>) = 1 [pid 5507] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5509] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5508] <... futex resumed>) = ? [pid 5507] <... futex resumed>) = ? [pid 5508] +++ killed by SIGBUS +++ [pid 5509] +++ killed by SIGBUS +++ [pid 5507] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5507, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./157", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./157/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./157/binderfs") = 0 [ 90.435857][ T5508] loop0: detected capacity change from 0 to 2048 [ 90.447963][ T5508] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./157/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./157/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./157/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./157/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./157") = 0 mkdir("./158", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5510 attached , child_tidptr=0x555556218690) = 5510 [pid 5510] set_robust_list(0x5555562186a0, 24) = 0 [pid 5510] chdir("./158") = 0 [pid 5510] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5510] setpgid(0, 0) = 0 [pid 5510] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5510] write(3, "1000", 4) = 4 [pid 5510] close(3) = 0 [pid 5510] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5510] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5510] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5510] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5511 attached [pid 5511] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5511] set_robust_list(0x7f3dc90769a0, 24 [pid 5510] <... clone3 resumed> => {parent_tid=[5511]}, 88) = 5511 [pid 5511] <... set_robust_list resumed>) = 0 [pid 5511] rt_sigprocmask(SIG_SETMASK, [], [pid 5510] rt_sigprocmask(SIG_SETMASK, [], [pid 5511] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5510] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] memfd_create("syzkaller", 0 [pid 5510] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5511] <... memfd_create resumed>) = 3 [pid 5511] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5511] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5511] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5511] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5511] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5511] close(3) = 0 [pid 5511] mkdir("./file0", 0777) = 0 [pid 5511] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5511] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5511] chdir("./file0") = 0 [pid 5511] ioctl(4, LOOP_CLR_FD) = 0 [pid 5511] close(4) = 0 [pid 5511] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5511] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... futex resumed>) = 0 [pid 5510] <... futex resumed>) = 1 [pid 5511] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5510] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] <... open resumed>) = 4 [pid 5511] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5510] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5511] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5511] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5510] <... futex resumed>) = 0 [pid 5511] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5510] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5510] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5511] <... mmap resumed>) = 0x20000000 [pid 5510] <... futex resumed>) = 0 [pid 5510] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5511] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5511] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5510] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5510] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5510] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5512 attached [pid 5512] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5510] <... clone3 resumed> => {parent_tid=[5512]}, 88) = 5512 [pid 5510] rt_sigprocmask(SIG_SETMASK, [], [pid 5512] <... rseq resumed>) = 0 [pid 5512] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5512] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5512] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5510] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5510] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5512] <... futex resumed>) = 0 [pid 5510] <... futex resumed>) = 1 [pid 5512] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5512] +++ killed by SIGBUS +++ [pid 5511] <... futex resumed>) = ? [pid 5511] +++ killed by SIGBUS +++ [pid 5510] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5510, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./158", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./158/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./158/binderfs") = 0 [ 90.547640][ T5511] loop0: detected capacity change from 0 to 2048 [ 90.559563][ T5511] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./158/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./158/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./158/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./158/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./158") = 0 mkdir("./159", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5513 ./strace-static-x86_64: Process 5513 attached [pid 5513] set_robust_list(0x5555562186a0, 24) = 0 [pid 5513] chdir("./159") = 0 [pid 5513] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5513] setpgid(0, 0) = 0 [pid 5513] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5513] write(3, "1000", 4) = 4 [pid 5513] close(3) = 0 [pid 5513] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5513] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5513] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5513] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5514 attached [pid 5514] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5513] <... clone3 resumed> => {parent_tid=[5514]}, 88) = 5514 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5513] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5514] <... rseq resumed>) = 0 [pid 5514] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5514] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5514] memfd_create("syzkaller", 0) = 3 [pid 5514] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5514] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5514] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5514] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5514] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5514] close(3) = 0 [pid 5514] mkdir("./file0", 0777) = 0 [pid 5514] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5514] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5514] chdir("./file0") = 0 [pid 5514] ioctl(4, LOOP_CLR_FD) = 0 [pid 5514] close(4) = 0 [pid 5514] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5514] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... open resumed>) = 4 [pid 5514] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5514] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... futex resumed>) = 0 [pid 5513] <... futex resumed>) = 1 [pid 5514] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5513] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5514] <... open resumed>) = 5 [pid 5514] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5513] <... futex resumed>) = 0 [pid 5514] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5513] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5514] <... mmap resumed>) = 0x20000000 [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5513] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5514] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5514] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5513] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5513] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5513] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5513] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5515 attached [pid 5515] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5513] <... clone3 resumed> => {parent_tid=[5515]}, 88) = 5515 [pid 5515] <... rseq resumed>) = 0 [pid 5513] rt_sigprocmask(SIG_SETMASK, [], [pid 5515] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5513] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5515] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5513] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5515] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5513] <... futex resumed>) = 0 [pid 5513] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5514] <... futex resumed>) = ? [pid 5514] +++ killed by SIGBUS +++ [pid 5515] +++ killed by SIGBUS +++ [pid 5513] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5513, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./159", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./159/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./159/binderfs") = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./159/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./159/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./159/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./159/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./159") = 0 [ 90.669707][ T5514] loop0: detected capacity change from 0 to 2048 [ 90.680272][ T5514] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./160", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5516 attached , child_tidptr=0x555556218690) = 5516 [pid 5516] set_robust_list(0x5555562186a0, 24) = 0 [pid 5516] chdir("./160") = 0 [pid 5516] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5516] setpgid(0, 0) = 0 [pid 5516] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5516] write(3, "1000", 4) = 4 [pid 5516] close(3) = 0 [pid 5516] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5516] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5516] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5516] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5516] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5517 attached => {parent_tid=[5517]}, 88) = 5517 [pid 5517] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5516] rt_sigprocmask(SIG_SETMASK, [], [pid 5517] set_robust_list(0x7f3dc90769a0, 24 [pid 5516] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5517] <... set_robust_list resumed>) = 0 [pid 5516] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] rt_sigprocmask(SIG_SETMASK, [], [pid 5516] <... futex resumed>) = 0 [pid 5517] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5516] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5517] memfd_create("syzkaller", 0) = 3 [pid 5517] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5517] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5517] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5517] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5517] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5517] close(3) = 0 [pid 5517] mkdir("./file0", 0777) = 0 [pid 5517] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5517] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5517] chdir("./file0") = 0 [pid 5517] ioctl(4, LOOP_CLR_FD) = 0 [pid 5517] close(4) = 0 [pid 5517] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... futex resumed>) = 1 [pid 5517] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5517] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5517] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5516] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5517] <... open resumed>) = 5 [pid 5517] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... futex resumed>) = 0 [pid 5516] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5517] <... futex resumed>) = 1 [pid 5516] <... futex resumed>) = 0 [pid 5517] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5517] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5516] <... mprotect resumed>) = 0 [pid 5517] <... futex resumed>) = 0 [pid 5517] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5516] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5516] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5518 attached => {parent_tid=[5518]}, 88) = 5518 [pid 5516] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5516] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5516] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5518] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5518] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5518] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5518] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5517] <... futex resumed>) = ? [pid 5517] +++ killed by SIGBUS +++ [pid 5516] <... futex resumed>) = ? [pid 5518] +++ killed by SIGBUS +++ [pid 5516] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5516, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./160", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./160/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./160/binderfs") = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./160/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./160/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./160/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 90.775523][ T5517] loop0: detected capacity change from 0 to 2048 [ 90.787411][ T5517] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./160/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./160") = 0 mkdir("./161", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5519 attached [pid 5519] set_robust_list(0x5555562186a0, 24) = 0 [pid 5519] chdir("./161") = 0 [pid 5519] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5519] setpgid(0, 0) = 0 [pid 5519] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5519] write(3, "1000", 4) = 4 [pid 5519] close(3) = 0 [pid 5519] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5519] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5519] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5519] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5520 attached [pid 5520] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5519] <... clone3 resumed> => {parent_tid=[5520]}, 88) = 5520 [pid 5520] <... rseq resumed>) = 0 [pid 5519] rt_sigprocmask(SIG_SETMASK, [], [pid 5520] set_robust_list(0x7f3dc90769a0, 24 [pid 5519] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5520] <... set_robust_list resumed>) = 0 [pid 5519] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5519] <... futex resumed>) = 0 [pid 5520] memfd_create("syzkaller", 0 [pid 5519] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5520] <... memfd_create resumed>) = 3 [pid 5520] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5519 [pid 5520] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5520] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5520] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5520] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5520] close(3) = 0 [pid 5520] mkdir("./file0", 0777) = 0 [pid 5520] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5520] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5520] chdir("./file0") = 0 [pid 5520] ioctl(4, LOOP_CLR_FD) = 0 [pid 5520] close(4) = 0 [pid 5520] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5520] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5519] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5520] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... futex resumed>) = 0 [pid 5519] <... futex resumed>) = 1 [pid 5520] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5519] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5520] <... open resumed>) = 5 [pid 5520] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5519] <... futex resumed>) = 0 [pid 5520] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5519] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] <... mmap resumed>) = 0x20000000 [pid 5519] <... futex resumed>) = 0 [pid 5519] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5520] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5519] <... futex resumed>) = 0 [pid 5519] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5520] <... futex resumed>) = 0 [pid 5520] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5519] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5519] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5519] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5519] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5521]}, 88) = 5521 ./strace-static-x86_64: Process 5521 attached [pid 5519] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5519] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5519] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5521] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5521] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5521] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5521] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5520] <... futex resumed>) = ? [pid 5520] +++ killed by SIGBUS +++ [pid 5519] <... futex resumed>) = ? [pid 5521] +++ killed by SIGBUS +++ [pid 5519] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5519, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./161", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./161/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./161/binderfs") = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./161/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./161/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./161/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./161/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./161") = 0 [ 90.870883][ T5520] loop0: detected capacity change from 0 to 2048 [ 90.896168][ T5520] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./162", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5522 attached [pid 5522] set_robust_list(0x5555562186a0, 24) = 0 [pid 5522] chdir("./162") = 0 [pid 5522] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5522] setpgid(0, 0) = 0 [pid 5522] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5522] write(3, "1000", 4) = 4 [pid 5522] close(3) = 0 [pid 5522] symlink("/dev/binderfs", "./binderfs" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5522 [pid 5522] <... symlink resumed>) = 0 [pid 5522] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5522] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5522] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5523 attached => {parent_tid=[5523]}, 88) = 5523 [pid 5523] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5523] set_robust_list(0x7f3dc90769a0, 24 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5523] <... set_robust_list resumed>) = 0 [pid 5522] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] rt_sigprocmask(SIG_SETMASK, [], [pid 5522] <... futex resumed>) = 0 [pid 5523] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5523] memfd_create("syzkaller", 0) = 3 [pid 5523] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5523] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5523] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5523] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5523] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5523] close(3) = 0 [pid 5523] mkdir("./file0", 0777) = 0 [pid 5523] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5523] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5523] chdir("./file0") = 0 [pid 5523] ioctl(4, LOOP_CLR_FD) = 0 [pid 5523] close(4) = 0 [pid 5523] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5522] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... open resumed>) = 4 [pid 5523] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5522] <... futex resumed>) = 0 [pid 5523] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5522] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5523] <... open resumed>) = 5 [pid 5523] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5522] <... futex resumed>) = 0 [pid 5523] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5523] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5522] <... futex resumed>) = 0 [pid 5523] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5522] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5523] <... mmap resumed>) = 0x20000000 [pid 5522] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5522] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5523] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5522] <... mprotect resumed>) = 0 [pid 5523] <... futex resumed>) = 0 [pid 5523] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5522] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5522] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5524 attached => {parent_tid=[5524]}, 88) = 5524 [pid 5522] rt_sigprocmask(SIG_SETMASK, [], [pid 5524] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5522] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5522] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5522] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5524] <... rseq resumed>) = 0 [pid 5524] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5524] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5524] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5524] +++ killed by SIGBUS +++ [pid 5523] <... futex resumed>) = ? [pid 5522] <... futex resumed>) = ? [pid 5523] +++ killed by SIGBUS +++ [pid 5522] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5522, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./162", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./162/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./162/binderfs") = 0 [ 90.976460][ T5523] loop0: detected capacity change from 0 to 2048 [ 90.988314][ T5523] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./162/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./162/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./162/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./162/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./162") = 0 mkdir("./163", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5525 attached , child_tidptr=0x555556218690) = 5525 [pid 5525] set_robust_list(0x5555562186a0, 24) = 0 [pid 5525] chdir("./163") = 0 [pid 5525] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5525] setpgid(0, 0) = 0 [pid 5525] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5525] write(3, "1000", 4) = 4 [pid 5525] close(3) = 0 [pid 5525] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5525] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5525] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5525] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5526 attached [pid 5526] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5525] <... clone3 resumed> => {parent_tid=[5526]}, 88) = 5526 [pid 5526] set_robust_list(0x7f3dc90769a0, 24 [pid 5525] rt_sigprocmask(SIG_SETMASK, [], [pid 5526] <... set_robust_list resumed>) = 0 [pid 5525] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5526] rt_sigprocmask(SIG_SETMASK, [], [pid 5525] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5525] <... futex resumed>) = 0 [pid 5526] memfd_create("syzkaller", 0) = 3 [pid 5525] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5526] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5526] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5526] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5526] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5526] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5526] close(3) = 0 [pid 5526] mkdir("./file0", 0777) = 0 [pid 5526] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5526] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5526] chdir("./file0") = 0 [pid 5526] ioctl(4, LOOP_CLR_FD) = 0 [pid 5526] close(4) = 0 [pid 5526] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5526] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5525] <... futex resumed>) = 0 [pid 5525] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... futex resumed>) = 0 [pid 5525] <... futex resumed>) = 1 [pid 5526] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5525] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5526] <... open resumed>) = 4 [pid 5526] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] <... futex resumed>) = 0 [pid 5526] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5525] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5526] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5525] <... futex resumed>) = 0 [pid 5526] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5525] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5526] <... open resumed>) = 5 [pid 5526] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5525] <... futex resumed>) = 0 [pid 5526] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5525] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5526] <... mmap resumed>) = 0x20000000 [pid 5525] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5525] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5526] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5526] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5525] <... mprotect resumed>) = 0 [pid 5525] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5525] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5527 attached => {parent_tid=[5527]}, 88) = 5527 [pid 5527] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5525] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5525] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5525] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5527] <... rseq resumed>) = 0 [pid 5527] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5527] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5527] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5525] <... futex resumed>) = ? [pid 5526] <... futex resumed>) = ? [pid 5526] +++ killed by SIGBUS +++ [pid 5527] +++ killed by SIGBUS +++ [pid 5525] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5525, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./163", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./163/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./163/binderfs") = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./163/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./163/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./163/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 91.098165][ T5526] loop0: detected capacity change from 0 to 2048 [ 91.109559][ T5526] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./163/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./163") = 0 mkdir("./164", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5528 attached , child_tidptr=0x555556218690) = 5528 [pid 5528] set_robust_list(0x5555562186a0, 24) = 0 [pid 5528] chdir("./164") = 0 [pid 5528] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5528] setpgid(0, 0) = 0 [pid 5528] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5528] write(3, "1000", 4) = 4 [pid 5528] close(3) = 0 [pid 5528] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5528] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5528] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5528] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5529 attached [pid 5529] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5528] <... clone3 resumed> => {parent_tid=[5529]}, 88) = 5529 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5528] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5529] <... rseq resumed>) = 0 [pid 5529] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5529] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5529] memfd_create("syzkaller", 0) = 3 [pid 5529] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5529] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5529] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5529] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5529] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5529] close(3) = 0 [pid 5529] mkdir("./file0", 0777) = 0 [pid 5529] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5529] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5529] chdir("./file0") = 0 [pid 5529] ioctl(4, LOOP_CLR_FD) = 0 [pid 5529] close(4) = 0 [pid 5529] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... futex resumed>) = 1 [pid 5529] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5529] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5529] <... futex resumed>) = 1 [pid 5529] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5529] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5528] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5528] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5529] <... futex resumed>) = 1 [pid 5528] <... mprotect resumed>) = 0 [pid 5529] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5528] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5528] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5530 attached [pid 5529] <... mmap resumed>) = 0x20000000 [pid 5528] <... clone3 resumed> => {parent_tid=[5530]}, 88) = 5530 [pid 5528] rt_sigprocmask(SIG_SETMASK, [], [pid 5529] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5528] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5529] <... futex resumed>) = 0 [pid 5528] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5529] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5528] <... futex resumed>) = 0 [pid 5528] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5530] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5530] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5530] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5530] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5528] <... futex resumed>) = ? [pid 5529] <... futex resumed>) = ? [pid 5529] +++ killed by SIGBUS +++ [pid 5530] +++ killed by SIGBUS +++ [pid 5528] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5528, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./164", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./164/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./164/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./164/binderfs") = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.221018][ T5529] loop0: detected capacity change from 0 to 2048 [ 91.233927][ T5529] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./164/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./164/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./164/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./164/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./164") = 0 mkdir("./165", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5531 attached , child_tidptr=0x555556218690) = 5531 [pid 5531] set_robust_list(0x5555562186a0, 24) = 0 [pid 5531] chdir("./165") = 0 [pid 5531] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5531] setpgid(0, 0) = 0 [pid 5531] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5531] write(3, "1000", 4) = 4 [pid 5531] close(3) = 0 [pid 5531] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5531] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5531] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5531] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5531] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5531] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5531] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5532 attached => {parent_tid=[5532]}, 88) = 5532 [pid 5532] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5531] rt_sigprocmask(SIG_SETMASK, [], [pid 5532] <... rseq resumed>) = 0 [pid 5532] set_robust_list(0x7f3dc90769a0, 24 [pid 5531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5532] <... set_robust_list resumed>) = 0 [pid 5531] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] rt_sigprocmask(SIG_SETMASK, [], [pid 5531] <... futex resumed>) = 0 [pid 5532] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5532] memfd_create("syzkaller", 0 [pid 5531] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5532] <... memfd_create resumed>) = 3 [pid 5532] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5532] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5532] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5532] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5532] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5532] close(3) = 0 [pid 5532] mkdir("./file0", 0777) = 0 [pid 5532] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5532] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5532] chdir("./file0") = 0 [pid 5532] ioctl(4, LOOP_CLR_FD) = 0 [pid 5532] close(4) = 0 [pid 5532] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5531] <... futex resumed>) = 0 [pid 5531] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5532] <... futex resumed>) = 0 [pid 5531] <... futex resumed>) = 1 [pid 5532] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5531] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5532] <... open resumed>) = 4 [pid 5532] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5531] <... futex resumed>) = 0 [pid 5531] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5532] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5532] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5532] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5531] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5531] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5532] <... futex resumed>) = 0 [pid 5532] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5531] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5531] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5533 attached [pid 5533] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5531] <... clone3 resumed> => {parent_tid=[5533]}, 88) = 5533 [pid 5533] set_robust_list(0x7f3dc0d559a0, 24 [pid 5531] rt_sigprocmask(SIG_SETMASK, [], [pid 5533] <... set_robust_list resumed>) = 0 [pid 5533] rt_sigprocmask(SIG_SETMASK, [], [pid 5531] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5533] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5531] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5531] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5533] <... futex resumed>) = 0 [pid 5533] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5531] <... futex resumed>) = ? [pid 5532] <... futex resumed>) = ? [pid 5532] +++ killed by SIGBUS +++ [pid 5533] +++ killed by SIGBUS +++ [pid 5531] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5531, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./165", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./165/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./165/binderfs") = 0 [ 91.338080][ T5532] loop0: detected capacity change from 0 to 2048 [ 91.353069][ T5532] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./165/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./165/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./165/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./165/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./165") = 0 mkdir("./166", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5534 attached , child_tidptr=0x555556218690) = 5534 [pid 5534] set_robust_list(0x5555562186a0, 24) = 0 [pid 5534] chdir("./166") = 0 [pid 5534] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5534] setpgid(0, 0) = 0 [pid 5534] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5534] write(3, "1000", 4) = 4 [pid 5534] close(3) = 0 [pid 5534] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5534] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5534] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5534] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5534] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5534] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5534] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5535]}, 88) = 5535 [pid 5534] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5535 attached NULL, 8) = 0 [pid 5535] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5534] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... rseq resumed>) = 0 [pid 5535] set_robust_list(0x7f3dc90769a0, 24 [pid 5534] <... futex resumed>) = 0 [pid 5535] <... set_robust_list resumed>) = 0 [pid 5534] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5535] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5535] memfd_create("syzkaller", 0) = 3 [pid 5535] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5535] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5535] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5535] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5535] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5535] close(3) = 0 [pid 5535] mkdir("./file0", 0777) = 0 [pid 5535] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5535] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5535] chdir("./file0") = 0 [pid 5535] ioctl(4, LOOP_CLR_FD) = 0 [pid 5535] close(4) = 0 [pid 5535] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... futex resumed>) = 0 [pid 5535] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5535] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5535] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] <... futex resumed>) = 0 [pid 5534] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... futex resumed>) = 0 [pid 5534] <... futex resumed>) = 1 [pid 5535] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5534] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... open resumed>) = 5 [pid 5535] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5534] <... futex resumed>) = 0 [pid 5535] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5534] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5535] <... mmap resumed>) = 0x20000000 [pid 5534] <... futex resumed>) = 0 [pid 5535] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5535] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5534] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5534] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5535] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5535] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5535] +++ killed by SIGBUS +++ [pid 5534] <... futex resumed>) = ? [pid 5534] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5534, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./166", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./166/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./166/binderfs") = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./166/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./166/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./166/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./166/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 [ 91.465413][ T5535] loop0: detected capacity change from 0 to 2048 [ 91.477329][ T5535] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 rmdir("./166") = 0 mkdir("./167", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5536 attached [pid 5536] set_robust_list(0x5555562186a0, 24) = 0 [pid 5536] chdir("./167") = 0 [pid 5536] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5536] setpgid(0, 0) = 0 [pid 5536] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5536] write(3, "1000", 4) = 4 [pid 5536] close(3) = 0 [pid 5536] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5536] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5536] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5536 [pid 5536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5536] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5537 attached => {parent_tid=[5537]}, 88) = 5537 [pid 5537] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5536] rt_sigprocmask(SIG_SETMASK, [], [pid 5537] set_robust_list(0x7f3dc90769a0, 24 [pid 5536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5537] <... set_robust_list resumed>) = 0 [pid 5536] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] rt_sigprocmask(SIG_SETMASK, [], [pid 5536] <... futex resumed>) = 0 [pid 5537] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5536] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5537] memfd_create("syzkaller", 0) = 3 [pid 5537] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5537] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5537] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5537] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5537] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5537] close(3) = 0 [pid 5537] mkdir("./file0", 0777) = 0 [pid 5537] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5537] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5537] chdir("./file0") = 0 [pid 5537] ioctl(4, LOOP_CLR_FD) = 0 [pid 5537] close(4) = 0 [pid 5537] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] <... futex resumed>) = 1 [pid 5537] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5537] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5537] <... futex resumed>) = 1 [pid 5536] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5536] <... futex resumed>) = 0 [pid 5537] <... open resumed>) = 5 [pid 5536] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5537] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] <... futex resumed>) = 0 [pid 5536] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5536] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5537] <... futex resumed>) = 1 [pid 5537] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5536] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5537] <... mmap resumed>) = 0x20000000 [pid 5536] <... mprotect resumed>) = 0 [pid 5536] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5536] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5538]}, 88) = 5538 ./strace-static-x86_64: Process 5538 attached [pid 5536] rt_sigprocmask(SIG_SETMASK, [], [pid 5538] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5536] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5538] <... rseq resumed>) = 0 [pid 5537] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5536] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5537] <... futex resumed>) = 0 [pid 5538] set_robust_list(0x7f3dc0d559a0, 24 [pid 5536] <... futex resumed>) = 0 [pid 5537] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5538] <... set_robust_list resumed>) = 0 [pid 5536] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5538] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5538] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5536] <... futex resumed>) = ? [pid 5537] <... futex resumed>) = ? [pid 5538] +++ killed by SIGBUS +++ [pid 5537] +++ killed by SIGBUS +++ [pid 5536] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5536, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./167", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./167/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./167/binderfs") = 0 [ 91.560245][ T5537] loop0: detected capacity change from 0 to 2048 [ 91.575509][ T5537] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./167/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./167/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./167/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./167/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./167") = 0 mkdir("./168", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5539 attached , child_tidptr=0x555556218690) = 5539 [pid 5539] set_robust_list(0x5555562186a0, 24) = 0 [pid 5539] chdir("./168") = 0 [pid 5539] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5539] setpgid(0, 0) = 0 [pid 5539] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5539] write(3, "1000", 4) = 4 [pid 5539] close(3) = 0 [pid 5539] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5539] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5539] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5539] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5539] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5540 attached => {parent_tid=[5540]}, 88) = 5540 [pid 5539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5539] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5540] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5540] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5540] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5540] memfd_create("syzkaller", 0) = 3 [pid 5540] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5540] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5540] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5540] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5540] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5540] close(3) = 0 [pid 5540] mkdir("./file0", 0777) = 0 [pid 5540] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5540] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5540] chdir("./file0") = 0 [pid 5540] ioctl(4, LOOP_CLR_FD) = 0 [pid 5540] close(4) = 0 [pid 5540] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 0 [pid 5540] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5540] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5540] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5539] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5540] <... futex resumed>) = 0 [pid 5540] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5540] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... futex resumed>) = 1 [pid 5539] <... futex resumed>) = 0 [pid 5540] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5539] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5540] <... mmap resumed>) = 0x20000000 [pid 5539] <... futex resumed>) = 0 [pid 5539] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5539] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5540] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5540] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5539] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5539] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5541 attached => {parent_tid=[5541]}, 88) = 5541 [pid 5539] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5539] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5539] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5541] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5541] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5541] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5541] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5540] <... futex resumed>) = ? [pid 5541] +++ killed by SIGBUS +++ [pid 5540] +++ killed by SIGBUS +++ [pid 5539] <... futex resumed>) = ? [pid 5539] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5539, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./168", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./168", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./168/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./168/binderfs") = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./168/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./168/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.651444][ T5540] loop0: detected capacity change from 0 to 2048 [ 91.664426][ T5540] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./168/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./168/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./168") = 0 mkdir("./169", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5542 ./strace-static-x86_64: Process 5542 attached [pid 5542] set_robust_list(0x5555562186a0, 24) = 0 [pid 5542] chdir("./169") = 0 [pid 5542] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5542] setpgid(0, 0) = 0 [pid 5542] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5542] write(3, "1000", 4) = 4 [pid 5542] close(3) = 0 [pid 5542] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5542] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5542] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5542] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5543]}, 88) = 5543 [pid 5542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5542] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5543 attached [pid 5543] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5543] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5543] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5543] memfd_create("syzkaller", 0) = 3 [pid 5543] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5543] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5543] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5543] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5543] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5543] close(3) = 0 [pid 5543] mkdir("./file0", 0777) = 0 [pid 5543] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5543] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5543] chdir("./file0") = 0 [pid 5543] ioctl(4, LOOP_CLR_FD) = 0 [pid 5543] close(4) = 0 [pid 5543] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5543] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = 0 [pid 5542] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5542] <... futex resumed>) = 1 [pid 5543] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5542] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... open resumed>) = 4 [pid 5543] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5542] <... futex resumed>) = 0 [pid 5543] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5542] <... futex resumed>) = 0 [pid 5543] <... open resumed>) = 5 [pid 5543] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5542] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5543] <... futex resumed>) = 0 [pid 5542] <... futex resumed>) = 1 [pid 5543] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5542] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5542] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5543] <... mmap resumed>) = 0x20000000 [pid 5542] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5543] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5542] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5543] <... futex resumed>) = 0 [pid 5543] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5542] <... mprotect resumed>) = 0 [pid 5542] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5542] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5544]}, 88) = 5544 ./strace-static-x86_64: Process 5544 attached [pid 5542] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5544] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5542] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5544] <... rseq resumed>) = 0 [pid 5544] set_robust_list(0x7f3dc0d559a0, 24 [pid 5542] <... futex resumed>) = 0 [pid 5544] <... set_robust_list resumed>) = 0 [pid 5544] rt_sigprocmask(SIG_SETMASK, [], [pid 5542] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5544] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5544] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5543] <... futex resumed>) = ? [pid 5542] <... futex resumed>) = ? [pid 5543] +++ killed by SIGBUS +++ [pid 5544] +++ killed by SIGBUS +++ [pid 5542] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5542, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./169", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./169/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./169/binderfs") = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 91.772258][ T5543] loop0: detected capacity change from 0 to 2048 [ 91.784231][ T5543] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./169/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./169/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./169/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./169/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./169") = 0 mkdir("./170", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5545 ./strace-static-x86_64: Process 5545 attached [pid 5545] set_robust_list(0x5555562186a0, 24) = 0 [pid 5545] chdir("./170") = 0 [pid 5545] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5545] setpgid(0, 0) = 0 [pid 5545] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5545] write(3, "1000", 4) = 4 [pid 5545] close(3) = 0 [pid 5545] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5545] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5545] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5545] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5545] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5546]}, 88) = 5546 [pid 5545] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5545] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5546 attached [pid 5546] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5546] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5546] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5546] memfd_create("syzkaller", 0) = 3 [pid 5546] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5546] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5546] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5546] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5546] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5546] close(3) = 0 [pid 5546] mkdir("./file0", 0777) = 0 [pid 5546] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5546] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5546] chdir("./file0") = 0 [pid 5546] ioctl(4, LOOP_CLR_FD) = 0 [pid 5546] close(4) = 0 [pid 5546] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5545] <... futex resumed>) = 0 [pid 5545] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5545] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5546] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5546] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5545] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5546] <... futex resumed>) = 0 [pid 5545] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5546] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5546] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5545] <... futex resumed>) = 0 [pid 5545] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5545] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5545] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5546] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5545] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5546] <... mmap resumed>) = 0x20000000 [pid 5545] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5545] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5546] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5546] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5547 attached [pid 5545] <... clone3 resumed> => {parent_tid=[5547]}, 88) = 5547 [pid 5547] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5545] rt_sigprocmask(SIG_SETMASK, [], [pid 5547] <... rseq resumed>) = 0 [pid 5545] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5547] set_robust_list(0x7f3dc0d559a0, 24 [pid 5545] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5547] <... set_robust_list resumed>) = 0 [pid 5547] rt_sigprocmask(SIG_SETMASK, [], [pid 5545] <... futex resumed>) = 0 [pid 5547] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5545] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5547] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5545] <... futex resumed>) = ? [pid 5546] <... futex resumed>) = ? [pid 5547] +++ killed by SIGBUS +++ [pid 5546] +++ killed by SIGBUS +++ [pid 5545] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5545, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./170", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./170", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./170/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./170/binderfs") = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./170/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./170/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 91.881045][ T5546] loop0: detected capacity change from 0 to 2048 [ 91.892534][ T5546] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./170/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./170/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./170") = 0 mkdir("./171", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5548 ./strace-static-x86_64: Process 5548 attached [pid 5548] set_robust_list(0x5555562186a0, 24) = 0 [pid 5548] chdir("./171") = 0 [pid 5548] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5548] setpgid(0, 0) = 0 [pid 5548] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5548] write(3, "1000", 4) = 4 [pid 5548] close(3) = 0 [pid 5548] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5548] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5548] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5548] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5549 attached [pid 5549] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5548] <... clone3 resumed> => {parent_tid=[5549]}, 88) = 5549 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], [pid 5549] <... rseq resumed>) = 0 [pid 5549] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5549] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5549] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5548] <... futex resumed>) = 0 [pid 5549] memfd_create("syzkaller", 0 [pid 5548] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5549] <... memfd_create resumed>) = 3 [pid 5549] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5549] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5549] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5549] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5549] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5549] close(3) = 0 [pid 5549] mkdir("./file0", 0777) = 0 [ 91.972527][ T5549] __do_sys_memfd_create: 33 callbacks suppressed [ 91.972545][ T5549] syz-executor183[5549]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.007581][ T5549] loop0: detected capacity change from 0 to 2048 [pid 5549] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5549] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5549] chdir("./file0") = 0 [pid 5549] ioctl(4, LOOP_CLR_FD) = 0 [pid 5549] close(4) = 0 [pid 5549] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5548] <... futex resumed>) = 0 [pid 5549] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5548] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... open resumed>) = 4 [pid 5549] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5549] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5548] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5549] <... open resumed>) = 5 [pid 5549] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5548] <... futex resumed>) = 0 [pid 5549] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5549] <... futex resumed>) = 0 [pid 5548] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5549] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5548] <... futex resumed>) = 0 [pid 5548] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5549] <... mmap resumed>) = 0x20000000 [pid 5549] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5548] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5549] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5548] <... mprotect resumed>) = 0 [pid 5548] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5548] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5550 attached [pid 5550] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5548] <... clone3 resumed> => {parent_tid=[5550]}, 88) = 5550 [pid 5550] <... rseq resumed>) = 0 [pid 5548] rt_sigprocmask(SIG_SETMASK, [], [pid 5550] set_robust_list(0x7f3dc0d559a0, 24 [pid 5548] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5550] <... set_robust_list resumed>) = 0 [pid 5548] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5550] rt_sigprocmask(SIG_SETMASK, [], [pid 5548] <... futex resumed>) = 0 [pid 5550] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5548] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5550] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5549] <... futex resumed>) = ? [pid 5548] <... futex resumed>) = ? [pid 5550] +++ killed by SIGBUS +++ [pid 5549] +++ killed by SIGBUS +++ [pid 5548] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5548, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./171", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.019129][ T5549] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./171", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./171/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./171/binderfs") = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./171/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./171/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./171/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./171/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./171") = 0 mkdir("./172", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5551 attached , child_tidptr=0x555556218690) = 5551 [pid 5551] set_robust_list(0x5555562186a0, 24) = 0 [pid 5551] chdir("./172") = 0 [pid 5551] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5551] setpgid(0, 0) = 0 [pid 5551] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5551] write(3, "1000", 4) = 4 [pid 5551] close(3) = 0 [pid 5551] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5551] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5551] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5551] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5552 attached => {parent_tid=[5552]}, 88) = 5552 [pid 5552] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5551] rt_sigprocmask(SIG_SETMASK, [], [pid 5552] set_robust_list(0x7f3dc90769a0, 24 [pid 5551] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5552] <... set_robust_list resumed>) = 0 [pid 5551] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] rt_sigprocmask(SIG_SETMASK, [], [pid 5551] <... futex resumed>) = 0 [pid 5552] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5551] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5552] memfd_create("syzkaller", 0) = 3 [pid 5552] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5552] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5552] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5552] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5552] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5552] close(3) = 0 [pid 5552] mkdir("./file0", 0777) = 0 [pid 5552] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5552] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5552] chdir("./file0") = 0 [pid 5552] ioctl(4, LOOP_CLR_FD) = 0 [pid 5552] close(4) = 0 [pid 5552] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5551] <... futex resumed>) = 0 [pid 5551] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5551] <... futex resumed>) = 0 [pid 5551] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5552] <... open resumed>) = 4 [pid 5552] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5551] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5551] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5552] <... futex resumed>) = 1 [pid 5552] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5552] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5551] <... futex resumed>) = 0 [pid 5552] <... futex resumed>) = 1 [pid 5552] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5551] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... futex resumed>) = 0 [pid 5552] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5551] <... futex resumed>) = 1 [pid 5551] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5552] <... mmap resumed>) = 0x20000000 [pid 5551] <... futex resumed>) = 0 [pid 5551] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5552] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5552] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5551] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5551] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5551] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5553]}, 88) = 5553 [pid 5551] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5553 attached [pid 5551] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5553] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5551] <... futex resumed>) = 0 [pid 5553] set_robust_list(0x7f3dc0d559a0, 24 [pid 5551] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5553] <... set_robust_list resumed>) = 0 [pid 5553] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5553] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5552] <... futex resumed>) = ? [pid 5553] +++ killed by SIGBUS +++ [pid 5552] +++ killed by SIGBUS +++ [pid 5551] <... futex resumed>) = ? [pid 5551] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5551, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./172", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./172/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./172/binderfs") = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./172/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./172/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./172/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 92.111126][ T5552] syz-executor183[5552]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.135017][ T5552] loop0: detected capacity change from 0 to 2048 [ 92.146336][ T5552] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./172/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./172") = 0 mkdir("./173", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5554 ./strace-static-x86_64: Process 5554 attached [pid 5554] set_robust_list(0x5555562186a0, 24) = 0 [pid 5554] chdir("./173") = 0 [pid 5554] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5554] setpgid(0, 0) = 0 [pid 5554] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5554] write(3, "1000", 4) = 4 [pid 5554] close(3) = 0 [pid 5554] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5554] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5554] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5554] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5554] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5554] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5554] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5554] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5555 attached [pid 5555] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5555] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5555] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5555] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] <... clone3 resumed> => {parent_tid=[5555]}, 88) = 5555 [pid 5554] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5554] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5555] memfd_create("syzkaller", 0 [pid 5554] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5555] <... memfd_create resumed>) = 3 [pid 5555] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5555] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5555] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5555] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5555] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5555] close(3) = 0 [pid 5555] mkdir("./file0", 0777) = 0 [pid 5555] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5555] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5555] chdir("./file0") = 0 [pid 5555] ioctl(4, LOOP_CLR_FD) = 0 [pid 5555] close(4) = 0 [pid 5555] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] <... futex resumed>) = 0 [pid 5554] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] <... futex resumed>) = 0 [pid 5554] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5555] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] <... futex resumed>) = 0 [pid 5554] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5554] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5555] <... futex resumed>) = 0 [pid 5555] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5555] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5555] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5554] <... futex resumed>) = 0 [pid 5555] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5554] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5555] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5554] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5555] <... futex resumed>) = 0 [pid 5555] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5554] <... futex resumed>) = 0 [pid 5555] +++ killed by SIGBUS +++ [pid 5554] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5554, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./173", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./173/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./173/binderfs") = 0 [ 92.244497][ T5555] syz-executor183[5555]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.268036][ T5555] loop0: detected capacity change from 0 to 2048 [ 92.279559][ T5555] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./173/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./173/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./173/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./173/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./173") = 0 mkdir("./174", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5556 attached [pid 5556] set_robust_list(0x5555562186a0, 24) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5556 [pid 5556] chdir("./174") = 0 [pid 5556] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5556] setpgid(0, 0) = 0 [pid 5556] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5556] write(3, "1000", 4) = 4 [pid 5556] close(3) = 0 [pid 5556] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5556] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5556] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5556] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5557 attached [pid 5557] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5556] <... clone3 resumed> => {parent_tid=[5557]}, 88) = 5557 [pid 5557] <... rseq resumed>) = 0 [pid 5557] set_robust_list(0x7f3dc90769a0, 24 [pid 5556] rt_sigprocmask(SIG_SETMASK, [], [pid 5557] <... set_robust_list resumed>) = 0 [pid 5556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5557] rt_sigprocmask(SIG_SETMASK, [], [pid 5556] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5556] <... futex resumed>) = 0 [pid 5557] memfd_create("syzkaller", 0 [pid 5556] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5557] <... memfd_create resumed>) = 3 [pid 5557] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5557] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5557] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5557] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5557] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5557] close(3) = 0 [pid 5557] mkdir("./file0", 0777) = 0 [pid 5557] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5557] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5557] chdir("./file0") = 0 [pid 5557] ioctl(4, LOOP_CLR_FD) = 0 [pid 5557] close(4) = 0 [pid 5557] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5556] <... futex resumed>) = 0 [pid 5556] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5557] <... open resumed>) = 4 [pid 5557] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5556] <... futex resumed>) = 0 [pid 5557] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5556] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... open resumed>) = 5 [pid 5556] <... futex resumed>) = 0 [pid 5557] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5557] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5556] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5557] <... futex resumed>) = 0 [pid 5556] <... futex resumed>) = 1 [pid 5557] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5556] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5556] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5557] <... mmap resumed>) = 0x20000000 [pid 5557] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5557] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5556] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5556] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5556] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5556] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5558 attached => {parent_tid=[5558]}, 88) = 5558 [pid 5558] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5556] rt_sigprocmask(SIG_SETMASK, [], [pid 5558] <... rseq resumed>) = 0 [pid 5556] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5558] set_robust_list(0x7f3dc0d559a0, 24 [pid 5556] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5558] <... set_robust_list resumed>) = 0 [pid 5556] <... futex resumed>) = 0 [pid 5558] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5556] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5558] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5557] <... futex resumed>) = ? [pid 5556] <... futex resumed>) = ? [pid 5557] +++ killed by SIGBUS +++ [pid 5558] +++ killed by SIGBUS +++ [pid 5556] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5556, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./174", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./174/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 92.362636][ T5557] syz-executor183[5557]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.391859][ T5557] loop0: detected capacity change from 0 to 2048 [ 92.403722][ T5557] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./174/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./174/binderfs") = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./174/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./174/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./174/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./174/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./174") = 0 mkdir("./175", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5559 ./strace-static-x86_64: Process 5559 attached [pid 5559] set_robust_list(0x5555562186a0, 24) = 0 [pid 5559] chdir("./175") = 0 [pid 5559] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5559] setpgid(0, 0) = 0 [pid 5559] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5559] write(3, "1000", 4) = 4 [pid 5559] close(3) = 0 [pid 5559] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5559] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5559] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5559] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5560]}, 88) = 5560 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5559] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5560 attached [pid 5560] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5560] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5560] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5560] memfd_create("syzkaller", 0) = 3 [pid 5560] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5560] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5560] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5560] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5560] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5560] close(3) = 0 [pid 5560] mkdir("./file0", 0777) = 0 [pid 5560] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5560] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5560] chdir("./file0") = 0 [pid 5560] ioctl(4, LOOP_CLR_FD) = 0 [pid 5560] close(4) = 0 [pid 5560] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5559] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5560] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5560] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5559] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5560] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5559] <... futex resumed>) = 0 [pid 5560] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5559] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5560] <... open resumed>) = 5 [pid 5560] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5559] <... futex resumed>) = 0 [pid 5559] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5559] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5560] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5559] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5560] <... mmap resumed>) = 0x20000000 [pid 5559] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5559] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5559] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5560] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5560] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5561 attached [pid 5559] <... clone3 resumed> => {parent_tid=[5561]}, 88) = 5561 [pid 5561] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5559] rt_sigprocmask(SIG_SETMASK, [], [pid 5561] <... rseq resumed>) = 0 [pid 5559] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5561] set_robust_list(0x7f3dc0d559a0, 24 [pid 5559] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5561] <... set_robust_list resumed>) = 0 [pid 5559] <... futex resumed>) = 0 [pid 5559] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5561] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5561] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5559] <... futex resumed>) = ? [pid 5560] <... futex resumed>) = ? [pid 5560] +++ killed by SIGBUS +++ [pid 5561] +++ killed by SIGBUS +++ [pid 5559] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5559, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./175", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./175/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./175/binderfs") = 0 [ 92.481876][ T5560] syz-executor183[5560]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.510165][ T5560] loop0: detected capacity change from 0 to 2048 [ 92.521606][ T5560] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./175/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./175/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./175/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./175/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./175") = 0 mkdir("./176", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5562 attached [pid 5562] set_robust_list(0x5555562186a0, 24) = 0 [pid 5562] chdir("./176" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5562 [pid 5562] <... chdir resumed>) = 0 [pid 5562] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5562] setpgid(0, 0) = 0 [pid 5562] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5562] write(3, "1000", 4) = 4 [pid 5562] close(3) = 0 [pid 5562] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5562] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5562] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5562] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5563 attached [pid 5563] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5562] <... clone3 resumed> => {parent_tid=[5563]}, 88) = 5563 [pid 5563] set_robust_list(0x7f3dc90769a0, 24 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], [pid 5563] <... set_robust_list resumed>) = 0 [pid 5562] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5563] rt_sigprocmask(SIG_SETMASK, [], [pid 5562] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5563] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5562] <... futex resumed>) = 0 [pid 5563] memfd_create("syzkaller", 0 [pid 5562] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5563] <... memfd_create resumed>) = 3 [pid 5563] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5563] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5563] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5563] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5563] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5563] close(3) = 0 [pid 5563] mkdir("./file0", 0777) = 0 [pid 5563] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5563] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5563] chdir("./file0") = 0 [pid 5563] ioctl(4, LOOP_CLR_FD) = 0 [pid 5563] close(4) = 0 [pid 5563] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... futex resumed>) = 1 [pid 5563] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5563] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... futex resumed>) = 1 [pid 5563] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5563] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5562] <... futex resumed>) = 0 [pid 5562] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5562] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5562] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5562] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5564]}, 88) = 5564 [pid 5562] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5562] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5562] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5563] <... futex resumed>) = 1 [pid 5563] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5564] rt_sigprocmask(SIG_SETMASK, [], [pid 5563] <... futex resumed>) = 0 [pid 5564] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5563] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5564] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5563] <... futex resumed>) = ? [pid 5562] <... futex resumed>) = ? [pid 5563] +++ killed by SIGBUS +++ [pid 5564] +++ killed by SIGBUS +++ [pid 5562] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5562, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 92.601261][ T5563] syz-executor183[5563]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.628751][ T5563] loop0: detected capacity change from 0 to 2048 [ 92.640082][ T5563] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./176", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./176/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./176/binderfs") = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./176/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./176/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./176/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./176/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./176") = 0 mkdir("./177", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5565 ./strace-static-x86_64: Process 5565 attached [pid 5565] set_robust_list(0x5555562186a0, 24) = 0 [pid 5565] chdir("./177") = 0 [pid 5565] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5565] setpgid(0, 0) = 0 [pid 5565] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5565] write(3, "1000", 4) = 4 [pid 5565] close(3) = 0 [pid 5565] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5565] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5565] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5565] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5565] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5566 attached => {parent_tid=[5566]}, 88) = 5566 [pid 5566] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], [pid 5566] set_robust_list(0x7f3dc90769a0, 24 [pid 5565] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5566] <... set_robust_list resumed>) = 0 [pid 5565] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] rt_sigprocmask(SIG_SETMASK, [], [pid 5565] <... futex resumed>) = 0 [pid 5566] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5565] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5566] memfd_create("syzkaller", 0) = 3 [pid 5566] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5566] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5566] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5566] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5566] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5566] close(3) = 0 [pid 5566] mkdir("./file0", 0777) = 0 [pid 5566] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5566] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5566] chdir("./file0") = 0 [pid 5566] ioctl(4, LOOP_CLR_FD) = 0 [pid 5566] close(4) = 0 [pid 5566] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5565] <... futex resumed>) = 1 [pid 5566] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5565] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] <... open resumed>) = 4 [pid 5566] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5565] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5566] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5566] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5565] <... futex resumed>) = 0 [pid 5566] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5566] <... futex resumed>) = 0 [pid 5565] <... futex resumed>) = 1 [pid 5566] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5565] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5566] <... mmap resumed>) = 0x20000000 [pid 5565] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5566] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5565] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5566] <... futex resumed>) = 0 [pid 5565] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5566] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5565] <... mprotect resumed>) = 0 [pid 5565] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5565] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5567]}, 88) = 5567 [pid 5565] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5565] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5565] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5567 attached [pid 5567] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5567] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5567] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5567] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5565] <... futex resumed>) = ? [pid 5567] +++ killed by SIGBUS +++ [pid 5566] <... futex resumed>) = ? [pid 5566] +++ killed by SIGBUS +++ [pid 5565] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5565, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./177", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./177/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./177/binderfs") = 0 [ 92.722526][ T5566] syz-executor183[5566]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.748053][ T5566] loop0: detected capacity change from 0 to 2048 [ 92.760886][ T5566] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./177/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./177/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./177/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./177/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./177") = 0 mkdir("./178", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5568 attached , child_tidptr=0x555556218690) = 5568 [pid 5568] set_robust_list(0x5555562186a0, 24) = 0 [pid 5568] chdir("./178") = 0 [pid 5568] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5568] setpgid(0, 0) = 0 [pid 5568] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5568] write(3, "1000", 4) = 4 [pid 5568] close(3) = 0 [pid 5568] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5568] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5568] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5568] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5569 attached => {parent_tid=[5569]}, 88) = 5569 [pid 5568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5568] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5569] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5569] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5569] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5569] memfd_create("syzkaller", 0) = 3 [pid 5569] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5569] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5569] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5569] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5569] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5569] close(3) = 0 [pid 5569] mkdir("./file0", 0777) = 0 [pid 5569] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5569] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5569] chdir("./file0") = 0 [pid 5569] ioctl(4, LOOP_CLR_FD) = 0 [pid 5569] close(4) = 0 [pid 5569] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] <... futex resumed>) = 0 [pid 5569] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5568] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... open resumed>) = 4 [pid 5569] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5569] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] <... futex resumed>) = 0 [pid 5568] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = 1 [pid 5569] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5569] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5568] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5569] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = 1 [pid 5569] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5568] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5568] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5569] <... mmap resumed>) = 0x20000000 [pid 5569] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5569] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5568] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5568] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5568] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5570 attached => {parent_tid=[5570]}, 88) = 5570 [pid 5570] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5570] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5570] rt_sigprocmask(SIG_SETMASK, [], [pid 5568] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5570] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5570] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5568] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5570] <... futex resumed>) = 0 [pid 5568] <... futex resumed>) = 1 [pid 5570] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5568] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5569] <... futex resumed>) = ? [pid 5569] +++ killed by SIGBUS +++ [pid 5568] <... futex resumed>) = ? [pid 5570] +++ killed by SIGBUS +++ [pid 5568] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5568, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./178", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./178/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./178/binderfs") = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./178/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./178/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./178/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./178/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./178") = 0 mkdir("./179", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5571 attached , child_tidptr=0x555556218690) = 5571 [pid 5571] set_robust_list(0x5555562186a0, 24) = 0 [pid 5571] chdir("./179") = 0 [pid 5571] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5571] setpgid(0, 0) = 0 [pid 5571] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 92.853281][ T5569] syz-executor183[5569]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.875371][ T5569] loop0: detected capacity change from 0 to 2048 [ 92.886818][ T5569] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5571] write(3, "1000", 4) = 4 [pid 5571] close(3) = 0 [pid 5571] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5571] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5571] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5571] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5572]}, 88) = 5572 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5571] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5572 attached [pid 5571] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5572] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5572] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5572] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5572] memfd_create("syzkaller", 0) = 3 [pid 5572] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5572] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5572] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5572] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5572] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5572] close(3) = 0 [pid 5572] mkdir("./file0", 0777) = 0 [ 92.943149][ T5572] syz-executor183[5572]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 92.975986][ T5572] loop0: detected capacity change from 0 to 2048 [pid 5572] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5572] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5572] chdir("./file0") = 0 [pid 5572] ioctl(4, LOOP_CLR_FD) = 0 [pid 5572] close(4) = 0 [pid 5572] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5571] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5572] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5572] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5572] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5571] <... futex resumed>) = 0 [pid 5572] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5571] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5572] <... open resumed>) = 5 [pid 5572] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5571] <... futex resumed>) = 0 [pid 5572] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5572] <... futex resumed>) = 0 [pid 5572] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5571] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5571] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5572] <... mmap resumed>) = 0x20000000 [pid 5572] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5572] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5571] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5571] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5571] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5573 attached => {parent_tid=[5573]}, 88) = 5573 [pid 5573] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5571] rt_sigprocmask(SIG_SETMASK, [], [pid 5573] <... rseq resumed>) = 0 [pid 5571] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5573] set_robust_list(0x7f3dc0d559a0, 24 [pid 5571] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5573] <... set_robust_list resumed>) = 0 [pid 5573] rt_sigprocmask(SIG_SETMASK, [], [pid 5571] <... futex resumed>) = 0 [pid 5573] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5571] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5573] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5571] <... futex resumed>) = ? [pid 5572] <... futex resumed>) = ? [pid 5573] +++ killed by SIGBUS +++ [pid 5572] +++ killed by SIGBUS +++ [pid 5571] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5571, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./179", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./179/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./179/binderfs") = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./179/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./179/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./179/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./179/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./179") = 0 mkdir("./180", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5574 attached , child_tidptr=0x555556218690) = 5574 [pid 5574] set_robust_list(0x5555562186a0, 24) = 0 [pid 5574] chdir("./180") = 0 [pid 5574] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5574] setpgid(0, 0) = 0 [pid 5574] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5574] write(3, "1000", 4) = 4 [pid 5574] close(3) = 0 [pid 5574] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5574] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5574] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5574] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5574] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5575 attached => {parent_tid=[5575]}, 88) = 5575 [pid 5575] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5575] set_robust_list(0x7f3dc90769a0, 24 [pid 5574] rt_sigprocmask(SIG_SETMASK, [], [pid 5575] <... set_robust_list resumed>) = 0 [pid 5574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5575] rt_sigprocmask(SIG_SETMASK, [], [pid 5574] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... rt_sigprocmask resumed>NULL, 8) = 0 [ 92.998123][ T5572] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5574] <... futex resumed>) = 0 [pid 5574] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5575] memfd_create("syzkaller", 0) = 3 [pid 5575] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5575] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5575] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5575] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5575] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5575] close(3) = 0 [pid 5575] mkdir("./file0", 0777) = 0 [ 93.053730][ T5575] syz-executor183[5575]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 93.086210][ T5575] loop0: detected capacity change from 0 to 2048 [pid 5575] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5575] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5575] chdir("./file0") = 0 [pid 5575] ioctl(4, LOOP_CLR_FD) = 0 [pid 5575] close(4) = 0 [pid 5575] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] <... futex resumed>) = 0 [pid 5574] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5575] <... futex resumed>) = 0 [pid 5574] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5575] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5574] <... futex resumed>) = 0 [pid 5575] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5574] <... futex resumed>) = 0 [pid 5575] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5574] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5575] <... open resumed>) = 5 [pid 5575] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] <... futex resumed>) = 0 [pid 5574] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5575] <... futex resumed>) = 1 [pid 5574] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5575] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5574] <... futex resumed>) = 0 [pid 5575] <... mmap resumed>) = 0x20000000 [pid 5574] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5575] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5574] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5575] <... futex resumed>) = 0 [pid 5574] <... mprotect resumed>) = 0 [pid 5575] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5574] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5574] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5576 attached [pid 5576] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5574] <... clone3 resumed> => {parent_tid=[5576]}, 88) = 5576 [pid 5576] <... rseq resumed>) = 0 [pid 5574] rt_sigprocmask(SIG_SETMASK, [], [pid 5576] set_robust_list(0x7f3dc0d559a0, 24 [pid 5574] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5576] <... set_robust_list resumed>) = 0 [pid 5574] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5576] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5574] <... futex resumed>) = 0 [pid 5576] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5574] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5575] <... futex resumed>) = ? [pid 5575] +++ killed by SIGBUS +++ [pid 5576] +++ killed by SIGBUS +++ [pid 5574] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5574, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./180", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./180/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./180/binderfs") = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./180/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./180/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./180/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./180/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./180") = 0 mkdir("./181", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5577 ./strace-static-x86_64: Process 5577 attached [pid 5577] set_robust_list(0x5555562186a0, 24) = 0 [pid 5577] chdir("./181") = 0 [ 93.101557][ T5575] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5577] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5577] setpgid(0, 0) = 0 [pid 5577] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5577] write(3, "1000", 4) = 4 [pid 5577] close(3) = 0 [pid 5577] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5577] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5577] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5577] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5577] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5578]}, 88) = 5578 ./strace-static-x86_64: Process 5578 attached [pid 5577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5577] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5578] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5578] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5578] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5578] memfd_create("syzkaller", 0) = 3 [pid 5578] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5578] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5578] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5578] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5578] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5578] close(3) = 0 [pid 5578] mkdir("./file0", 0777) = 0 [pid 5578] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5578] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5578] chdir("./file0") = 0 [pid 5578] ioctl(4, LOOP_CLR_FD) = 0 [pid 5578] close(4) = 0 [pid 5578] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5578] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5577] <... futex resumed>) = 0 [pid 5577] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5578] <... futex resumed>) = 0 [pid 5578] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5577] <... futex resumed>) = 1 [pid 5577] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] <... open resumed>) = 4 [pid 5578] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5577] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5578] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5578] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5577] <... futex resumed>) = 0 [pid 5577] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5577] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5577] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5577] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5578] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<[], 8) = 0 [pid 5577] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5579]}, 88) = 5579 ./strace-static-x86_64: Process 5579 attached [pid 5579] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5577] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5577] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] set_robust_list(0x7f3dc0d559a0, 24 [pid 5577] <... futex resumed>) = 0 [pid 5577] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5579] <... set_robust_list resumed>) = 0 [pid 5579] rt_sigprocmask(SIG_SETMASK, [], [pid 5578] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5579] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5578] <... futex resumed>) = 0 [pid 5578] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5579] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5577] <... futex resumed>) = ? [pid 5578] <... futex resumed>) = ? [pid 5579] +++ killed by SIGBUS +++ [pid 5578] +++ killed by SIGBUS +++ [pid 5577] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5577, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./181", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./181/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./181/binderfs") = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./181/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./181/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./181/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./181/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./181") = 0 mkdir("./182", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 93.192454][ T5578] loop0: detected capacity change from 0 to 2048 [ 93.204796][ T5578] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5580 ./strace-static-x86_64: Process 5580 attached [pid 5580] set_robust_list(0x5555562186a0, 24) = 0 [pid 5580] chdir("./182") = 0 [pid 5580] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5580] setpgid(0, 0) = 0 [pid 5580] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5580] write(3, "1000", 4) = 4 [pid 5580] close(3) = 0 [pid 5580] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5580] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5580] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5580] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5581]}, 88) = 5581 ./strace-static-x86_64: Process 5581 attached [pid 5580] rt_sigprocmask(SIG_SETMASK, [], [pid 5581] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5581] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5581] rt_sigprocmask(SIG_SETMASK, [], [pid 5580] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5581] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5581] memfd_create("syzkaller", 0) = 3 [pid 5581] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5581] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5581] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5581] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5581] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5581] close(3) = 0 [pid 5581] mkdir("./file0", 0777) = 0 [pid 5581] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5581] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5581] chdir("./file0") = 0 [pid 5581] ioctl(4, LOOP_CLR_FD) = 0 [pid 5581] close(4) = 0 [pid 5581] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] <... futex resumed>) = 1 [pid 5581] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5581] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5581] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5581] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5580] <... futex resumed>) = 0 [pid 5580] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5580] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5580] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5580] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5580] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5582]}, 88) = 5582 [pid 5580] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5580] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5582 attached [pid 5581] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5580] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5582] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5582] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5582] rt_sigprocmask(SIG_SETMASK, [], [pid 5581] <... mmap resumed>) = 0x20000000 [pid 5582] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5581] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5582] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5581] <... futex resumed>) = 0 [pid 5581] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5580] <... futex resumed>) = ? [pid 5581] <... futex resumed>) = ? [pid 5582] +++ killed by SIGBUS +++ [pid 5581] +++ killed by SIGBUS +++ [pid 5580] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5580, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./182", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./182/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./182/binderfs") = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./182/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./182/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./182/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./182/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./182") = 0 mkdir("./183", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5583 ./strace-static-x86_64: Process 5583 attached [pid 5583] set_robust_list(0x5555562186a0, 24) = 0 [pid 5583] chdir("./183") = 0 [pid 5583] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5583] setpgid(0, 0) = 0 [pid 5583] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5583] write(3, "1000", 4) = 4 [pid 5583] close(3) = 0 [ 93.282067][ T5581] loop0: detected capacity change from 0 to 2048 [ 93.299327][ T5581] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5583] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5583] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5583] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5583] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5584]}, 88) = 5584 ./strace-static-x86_64: Process 5584 attached [pid 5583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5583] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5584] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5584] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5584] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5584] memfd_create("syzkaller", 0) = 3 [pid 5584] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5584] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5584] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5584] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5584] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5584] close(3) = 0 [pid 5584] mkdir("./file0", 0777) = 0 [pid 5584] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5584] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5584] chdir("./file0") = 0 [pid 5584] ioctl(4, LOOP_CLR_FD) = 0 [pid 5584] close(4) = 0 [pid 5584] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5584] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] <... futex resumed>) = 0 [pid 5583] <... futex resumed>) = 1 [pid 5584] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5583] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] <... open resumed>) = 4 [pid 5584] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5583] <... futex resumed>) = 0 [pid 5584] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5583] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5583] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5584] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... futex resumed>) = 0 [pid 5583] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5584] <... futex resumed>) = 1 [pid 5583] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5584] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5583] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5583] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5584] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5583] <... mprotect resumed>) = 0 [pid 5584] <... futex resumed>) = 0 [pid 5584] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5583] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5583] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5585 attached => {parent_tid=[5585]}, 88) = 5585 [pid 5583] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5583] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5583] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5585] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5585] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5585] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5585] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5584] <... futex resumed>) = ? [pid 5584] +++ killed by SIGBUS +++ [pid 5583] <... futex resumed>) = ? [pid 5585] +++ killed by SIGBUS +++ [pid 5583] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5583, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./183", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./183/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./183/binderfs") = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./183/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./183/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./183/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./183/file0") = 0 [ 93.380152][ T5584] loop0: detected capacity change from 0 to 2048 [ 93.391878][ T5584] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./183") = 0 mkdir("./184", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5586 ./strace-static-x86_64: Process 5586 attached [pid 5586] set_robust_list(0x5555562186a0, 24) = 0 [pid 5586] chdir("./184") = 0 [pid 5586] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5586] setpgid(0, 0) = 0 [pid 5586] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5586] write(3, "1000", 4) = 4 [pid 5586] close(3) = 0 [pid 5586] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5586] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5586] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5586] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5586] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5586] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5586] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5586] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5587 attached [pid 5587] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5586] <... clone3 resumed> => {parent_tid=[5587]}, 88) = 5587 [pid 5587] <... rseq resumed>) = 0 [pid 5587] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5586] rt_sigprocmask(SIG_SETMASK, [], [pid 5587] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5587] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5586] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 0 [pid 5586] <... futex resumed>) = 1 [pid 5587] memfd_create("syzkaller", 0 [pid 5586] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5587] <... memfd_create resumed>) = 3 [pid 5587] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5587] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5587] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5587] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5587] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5587] close(3) = 0 [pid 5587] mkdir("./file0", 0777) = 0 [pid 5587] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5587] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5587] chdir("./file0") = 0 [pid 5587] ioctl(4, LOOP_CLR_FD) = 0 [pid 5587] close(4) = 0 [pid 5587] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5586] <... futex resumed>) = 0 [pid 5587] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5586] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... open resumed>) = 4 [pid 5587] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5587] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] <... futex resumed>) = 0 [pid 5586] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 0 [pid 5586] <... futex resumed>) = 1 [pid 5587] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5586] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5587] <... open resumed>) = 5 [pid 5587] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5586] <... futex resumed>) = 0 [pid 5587] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5587] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5587] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5586] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5587] <... futex resumed>) = 0 [pid 5586] <... futex resumed>) = 1 [pid 5587] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5586] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5587] +++ killed by SIGBUS +++ [pid 5586] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5586, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./184", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./184/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./184/binderfs") = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 93.492588][ T5587] loop0: detected capacity change from 0 to 2048 [ 93.514237][ T5587] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./184/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./184/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./184/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./184/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./184") = 0 mkdir("./185", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5588 ./strace-static-x86_64: Process 5588 attached [pid 5588] set_robust_list(0x5555562186a0, 24) = 0 [pid 5588] chdir("./185") = 0 [pid 5588] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5588] setpgid(0, 0) = 0 [pid 5588] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5588] write(3, "1000", 4) = 4 [pid 5588] close(3) = 0 [pid 5588] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5588] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5588] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5588] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5588] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5589 attached => {parent_tid=[5589]}, 88) = 5589 [pid 5589] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5588] rt_sigprocmask(SIG_SETMASK, [], [pid 5589] <... rseq resumed>) = 0 [pid 5588] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5589] set_robust_list(0x7f3dc90769a0, 24 [pid 5588] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5589] <... set_robust_list resumed>) = 0 [pid 5588] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5589] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5589] memfd_create("syzkaller", 0) = 3 [pid 5589] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5589] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5589] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5589] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5589] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5589] close(3) = 0 [pid 5589] mkdir("./file0", 0777) = 0 [pid 5589] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5589] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5589] chdir("./file0") = 0 [pid 5589] ioctl(4, LOOP_CLR_FD) = 0 [pid 5589] close(4) = 0 [pid 5589] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5588] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... open resumed>) = 4 [pid 5589] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5589] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5588] <... futex resumed>) = 0 [pid 5589] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5588] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5589] <... open resumed>) = 5 [pid 5589] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5589] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5588] <... futex resumed>) = 0 [pid 5588] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5588] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5588] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5589] <... mmap resumed>) = 0x20000000 [pid 5588] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5589] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5588] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5590 attached [pid 5589] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5590] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5588] <... clone3 resumed> => {parent_tid=[5590]}, 88) = 5590 [pid 5590] <... rseq resumed>) = 0 [pid 5590] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5590] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5590] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5588] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5588] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5590] <... futex resumed>) = 0 [pid 5588] <... futex resumed>) = 1 [pid 5590] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5588] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5589] <... futex resumed>) = ? [pid 5590] +++ killed by SIGBUS +++ [pid 5589] +++ killed by SIGBUS +++ [pid 5588] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5588, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./185", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./185/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./185/binderfs") = 0 [ 93.616151][ T5589] loop0: detected capacity change from 0 to 2048 [ 93.628919][ T5589] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./185/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./185/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./185/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./185/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./185") = 0 mkdir("./186", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5591 attached , child_tidptr=0x555556218690) = 5591 [pid 5591] set_robust_list(0x5555562186a0, 24) = 0 [pid 5591] chdir("./186") = 0 [pid 5591] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5591] setpgid(0, 0) = 0 [pid 5591] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5591] write(3, "1000", 4) = 4 [pid 5591] close(3) = 0 [pid 5591] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5591] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5591] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5591] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5592]}, 88) = 5592 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5591] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5591] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5592 attached [pid 5592] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5592] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5592] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5592] memfd_create("syzkaller", 0) = 3 [pid 5592] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5592] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5592] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5592] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5592] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5592] close(3) = 0 [pid 5592] mkdir("./file0", 0777) = 0 [pid 5592] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5592] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5592] chdir("./file0") = 0 [pid 5592] ioctl(4, LOOP_CLR_FD) = 0 [pid 5592] close(4) = 0 [pid 5592] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5592] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5591] <... futex resumed>) = 0 [pid 5592] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5591] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... open resumed>) = 4 [pid 5592] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5592] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5591] <... futex resumed>) = 0 [pid 5592] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5591] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5592] <... open resumed>) = 5 [pid 5592] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5591] <... futex resumed>) = 0 [pid 5592] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5591] <... futex resumed>) = 0 [pid 5592] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5591] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5592] <... mmap resumed>) = 0x20000000 [pid 5591] <... futex resumed>) = 0 [pid 5591] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5592] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5591] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5592] <... futex resumed>) = 0 [pid 5591] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5592] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5591] <... mprotect resumed>) = 0 [pid 5591] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5591] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5593 attached => {parent_tid=[5593]}, 88) = 5593 [pid 5591] rt_sigprocmask(SIG_SETMASK, [], [pid 5593] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5591] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5593] <... rseq resumed>) = 0 [pid 5593] set_robust_list(0x7f3dc0d559a0, 24 [pid 5591] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5593] <... set_robust_list resumed>) = 0 [pid 5593] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5593] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5592] <... futex resumed>) = ? [pid 5591] <... futex resumed>) = ? [pid 5592] +++ killed by SIGBUS +++ [pid 5593] +++ killed by SIGBUS +++ [pid 5591] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5591, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./186", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./186/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./186/binderfs") = 0 [ 93.722889][ T5592] loop0: detected capacity change from 0 to 2048 [ 93.735861][ T5592] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./186/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./186/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./186/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./186/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./186") = 0 mkdir("./187", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5594 attached , child_tidptr=0x555556218690) = 5594 [pid 5594] set_robust_list(0x5555562186a0, 24) = 0 [pid 5594] chdir("./187") = 0 [pid 5594] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5594] setpgid(0, 0) = 0 [pid 5594] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5594] write(3, "1000", 4) = 4 [pid 5594] close(3) = 0 [pid 5594] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5594] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5594] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5594] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5595]}, 88) = 5595 [pid 5594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5594] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5595 attached [pid 5595] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5595] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5595] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5595] memfd_create("syzkaller", 0) = 3 [pid 5595] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5595] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5595] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5595] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5595] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5595] close(3) = 0 [pid 5595] mkdir("./file0", 0777) = 0 [pid 5595] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5595] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5595] chdir("./file0") = 0 [pid 5595] ioctl(4, LOOP_CLR_FD) = 0 [pid 5595] close(4) = 0 [pid 5595] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5594] <... futex resumed>) = 0 [pid 5595] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5594] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... open resumed>) = 4 [pid 5595] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5594] <... futex resumed>) = 0 [pid 5595] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5595] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5594] <... futex resumed>) = 0 [pid 5595] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5594] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5595] <... open resumed>) = 5 [pid 5595] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5594] <... futex resumed>) = 0 [pid 5594] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5595] <... futex resumed>) = 1 [pid 5595] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5594] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5595] <... mmap resumed>) = 0x20000000 [pid 5594] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5594] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5594] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5595] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5595] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5594] <... clone3 resumed> => {parent_tid=[5596]}, 88) = 5596 [pid 5594] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5594] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5594] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5596 attached [pid 5596] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5596] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5596] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5596] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5595] <... futex resumed>) = ? [pid 5596] +++ killed by SIGBUS +++ [pid 5595] +++ killed by SIGBUS +++ [pid 5594] <... futex resumed>) = ? [pid 5594] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5594, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./187", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./187/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./187/binderfs") = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./187/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./187/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./187/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./187/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./187") = 0 mkdir("./188", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5597 attached , child_tidptr=0x555556218690) = 5597 [pid 5597] set_robust_list(0x5555562186a0, 24) = 0 [pid 5597] chdir("./188") = 0 [pid 5597] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5597] setpgid(0, 0) = 0 [ 93.832031][ T5595] loop0: detected capacity change from 0 to 2048 [ 93.842763][ T5595] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5597] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5597] write(3, "1000", 4) = 4 [pid 5597] close(3) = 0 [pid 5597] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5597] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5597] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5597] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5598]}, 88) = 5598 [pid 5597] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5597] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5598 attached [pid 5598] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5598] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5598] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5598] memfd_create("syzkaller", 0) = 3 [pid 5598] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5598] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5598] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5598] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5598] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5598] close(3) = 0 [pid 5598] mkdir("./file0", 0777) = 0 [pid 5598] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5598] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5598] chdir("./file0") = 0 [pid 5598] ioctl(4, LOOP_CLR_FD) = 0 [pid 5598] close(4) = 0 [pid 5598] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5597] <... futex resumed>) = 0 [pid 5598] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5597] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... open resumed>) = 4 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5597] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] <... futex resumed>) = 0 [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5598] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5597] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] <... open resumed>) = 5 [pid 5597] <... futex resumed>) = 0 [pid 5598] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5598] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5598] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5597] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5598] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5597] <... futex resumed>) = 0 [pid 5598] <... mmap resumed>) = 0x20000000 [pid 5597] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5597] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5597] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5597] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5598] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5597] <... clone3 resumed> => {parent_tid=[5599]}, 88) = 5599 [pid 5598] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5597] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5599 attached NULL, 8) = 0 [pid 5597] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5599] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5597] <... futex resumed>) = 0 [pid 5599] <... rseq resumed>) = 0 [pid 5597] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5599] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5599] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5599] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5598] <... futex resumed>) = ? [pid 5597] <... futex resumed>) = ? [pid 5598] +++ killed by SIGBUS +++ [pid 5599] +++ killed by SIGBUS +++ [pid 5597] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5597, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./188", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./188/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./188/binderfs") = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./188/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./188/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./188/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 93.934154][ T5598] loop0: detected capacity change from 0 to 2048 [ 93.946597][ T5598] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./188/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./188") = 0 mkdir("./189", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5600 attached [pid 5600] set_robust_list(0x5555562186a0, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5600 [pid 5600] <... set_robust_list resumed>) = 0 [pid 5600] chdir("./189") = 0 [pid 5600] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5600] setpgid(0, 0) = 0 [pid 5600] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5600] write(3, "1000", 4) = 4 [pid 5600] close(3) = 0 [pid 5600] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5600] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5600] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5600] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5601 attached => {parent_tid=[5601]}, 88) = 5601 [pid 5601] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5601] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5601] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5600] rt_sigprocmask(SIG_SETMASK, [], [pid 5601] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5600] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5601] <... futex resumed>) = 0 [pid 5600] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5601] memfd_create("syzkaller", 0) = 3 [pid 5601] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5601] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5601] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5601] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5601] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5601] close(3) = 0 [pid 5601] mkdir("./file0", 0777) = 0 [pid 5601] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5601] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5601] chdir("./file0") = 0 [pid 5601] ioctl(4, LOOP_CLR_FD) = 0 [pid 5601] close(4) = 0 [pid 5601] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] <... futex resumed>) = 1 [pid 5601] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5601] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = 0 [pid 5601] <... futex resumed>) = 1 [pid 5600] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5601] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5600] <... futex resumed>) = 0 [pid 5601] <... open resumed>) = 5 [pid 5600] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5601] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5600] <... futex resumed>) = 0 [pid 5600] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5601] <... futex resumed>) = 1 [pid 5600] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5601] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5600] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5601] <... mmap resumed>) = 0x20000000 [pid 5600] <... mprotect resumed>) = 0 [pid 5600] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5600] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5601] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5601] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5600] <... clone3 resumed> => {parent_tid=[5602]}, 88) = 5602 [pid 5600] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5600] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5600] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5602 attached [pid 5602] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5602] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5602] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5602] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5601] <... futex resumed>) = ? [pid 5602] +++ killed by SIGBUS +++ [pid 5600] <... futex resumed>) = ? [pid 5601] +++ killed by SIGBUS +++ [pid 5600] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5600, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./189", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./189/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./189/binderfs") = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./189/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./189/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./189/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./189/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./189") = 0 mkdir("./190", 0777) = 0 [ 94.049598][ T5601] loop0: detected capacity change from 0 to 2048 [ 94.062302][ T5601] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5603 ./strace-static-x86_64: Process 5603 attached [pid 5603] set_robust_list(0x5555562186a0, 24) = 0 [pid 5603] chdir("./190") = 0 [pid 5603] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5603] setpgid(0, 0) = 0 [pid 5603] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5603] write(3, "1000", 4) = 4 [pid 5603] close(3) = 0 [pid 5603] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5603] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5603] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5603] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5604]}, 88) = 5604 ./strace-static-x86_64: Process 5604 attached [pid 5603] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5604] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5604] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5604] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5604] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = 0 [pid 5603] <... futex resumed>) = 1 [pid 5604] memfd_create("syzkaller", 0) = 3 [pid 5604] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5604] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576 [pid 5603] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5604] <... write resumed>) = 1048576 [pid 5604] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5604] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5604] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5604] close(3) = 0 [pid 5604] mkdir("./file0", 0777) = 0 [pid 5604] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5604] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5604] chdir("./file0") = 0 [pid 5604] ioctl(4, LOOP_CLR_FD) = 0 [pid 5604] close(4) = 0 [pid 5604] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5604] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5603] <... futex resumed>) = 0 [pid 5604] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5603] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] <... open resumed>) = 4 [pid 5604] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5603] <... futex resumed>) = 0 [pid 5604] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5603] <... futex resumed>) = 0 [pid 5604] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5603] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5604] <... open resumed>) = 5 [pid 5604] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5603] <... futex resumed>) = 0 [pid 5604] <... futex resumed>) = 1 [pid 5603] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5604] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5603] <... futex resumed>) = 0 [pid 5603] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5604] <... mmap resumed>) = 0x20000000 [pid 5603] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5604] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5603] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5604] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5603] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5603] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5603] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5605 attached [pid 5605] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5603] <... clone3 resumed> => {parent_tid=[5605]}, 88) = 5605 [pid 5605] <... rseq resumed>) = 0 [pid 5603] rt_sigprocmask(SIG_SETMASK, [], [pid 5605] set_robust_list(0x7f3dc0d559a0, 24 [pid 5603] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5605] <... set_robust_list resumed>) = 0 [pid 5603] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5605] rt_sigprocmask(SIG_SETMASK, [], [pid 5603] <... futex resumed>) = 0 [pid 5605] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5603] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5605] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5603] <... futex resumed>) = ? [pid 5604] <... futex resumed>) = ? [pid 5605] +++ killed by SIGBUS +++ [pid 5604] +++ killed by SIGBUS +++ [pid 5603] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5603, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./190", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./190/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./190/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./190/binderfs") = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 94.164389][ T5604] loop0: detected capacity change from 0 to 2048 [ 94.175944][ T5604] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./190/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./190/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./190/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./190/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./190") = 0 mkdir("./191", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5606 ./strace-static-x86_64: Process 5606 attached [pid 5606] set_robust_list(0x5555562186a0, 24) = 0 [pid 5606] chdir("./191") = 0 [pid 5606] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5606] setpgid(0, 0) = 0 [pid 5606] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5606] write(3, "1000", 4) = 4 [pid 5606] close(3) = 0 [pid 5606] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5606] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5606] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5606] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5606] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5606] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5606] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5607]}, 88) = 5607 [pid 5606] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5606] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5606] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5607 attached [pid 5607] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5607] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5607] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5607] memfd_create("syzkaller", 0) = 3 [pid 5607] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5607] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5607] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5607] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5607] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5607] close(3) = 0 [pid 5607] mkdir("./file0", 0777) = 0 [pid 5607] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5607] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5607] chdir("./file0") = 0 [pid 5607] ioctl(4, LOOP_CLR_FD) = 0 [pid 5607] close(4) = 0 [pid 5607] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5606] <... futex resumed>) = 1 [pid 5607] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5606] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5607] <... open resumed>) = 4 [pid 5607] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5607] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] <... futex resumed>) = 0 [pid 5606] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5607] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5607] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5606] <... futex resumed>) = 1 [pid 5606] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5606] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5607] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5606] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5607] <... futex resumed>) = 0 [pid 5607] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5606] <... futex resumed>) = 0 [pid 5607] +++ killed by SIGBUS +++ [pid 5606] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5606, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./191", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./191/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./191/binderfs") = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./191/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./191/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./191/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./191/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./191") = 0 mkdir("./192", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5608 attached , child_tidptr=0x555556218690) = 5608 [pid 5608] set_robust_list(0x5555562186a0, 24) = 0 [pid 5608] chdir("./192") = 0 [pid 5608] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5608] setpgid(0, 0) = 0 [pid 5608] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5608] write(3, "1000", 4) = 4 [pid 5608] close(3) = 0 [pid 5608] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5608] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5608] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5608] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [ 94.284201][ T5607] loop0: detected capacity change from 0 to 2048 [ 94.296136][ T5607] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5609 attached => {parent_tid=[5609]}, 88) = 5609 [pid 5608] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5608] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5609] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5609] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5609] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5609] memfd_create("syzkaller", 0) = 3 [pid 5609] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5609] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5609] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5609] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5609] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5609] close(3) = 0 [pid 5609] mkdir("./file0", 0777) = 0 [pid 5609] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5609] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5609] chdir("./file0") = 0 [pid 5609] ioctl(4, LOOP_CLR_FD) = 0 [pid 5609] close(4) = 0 [pid 5609] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5609] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] <... futex resumed>) = 0 [pid 5608] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... futex resumed>) = 0 [pid 5609] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5608] <... futex resumed>) = 1 [pid 5608] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5609] <... open resumed>) = 4 [pid 5609] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5608] <... futex resumed>) = 0 [pid 5609] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5608] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5609] <... open resumed>) = 5 [pid 5608] <... futex resumed>) = 0 [pid 5609] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5608] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5609] <... futex resumed>) = 0 [pid 5609] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5608] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5608] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5609] <... mmap resumed>) = 0x20000000 [pid 5609] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5608] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5609] <... futex resumed>) = 0 [pid 5608] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5609] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5608] <... mprotect resumed>) = 0 [pid 5608] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5608] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5610 attached [pid 5610] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5608] <... clone3 resumed> => {parent_tid=[5610]}, 88) = 5610 [pid 5610] set_robust_list(0x7f3dc0d559a0, 24 [pid 5608] rt_sigprocmask(SIG_SETMASK, [], [pid 5610] <... set_robust_list resumed>) = 0 [pid 5608] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5610] rt_sigprocmask(SIG_SETMASK, [], [pid 5608] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5610] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5608] <... futex resumed>) = 0 [pid 5610] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5608] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5609] <... futex resumed>) = ? [pid 5610] +++ killed by SIGBUS +++ [pid 5609] +++ killed by SIGBUS +++ [pid 5608] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5608, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./192", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./192/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./192/binderfs") = 0 [ 94.369046][ T5609] loop0: detected capacity change from 0 to 2048 [ 94.385050][ T5609] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./192/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./192/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./192/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./192/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./192") = 0 mkdir("./193", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5611 attached , child_tidptr=0x555556218690) = 5611 [pid 5611] set_robust_list(0x5555562186a0, 24) = 0 [pid 5611] chdir("./193") = 0 [pid 5611] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5611] setpgid(0, 0) = 0 [pid 5611] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5611] write(3, "1000", 4) = 4 [pid 5611] close(3) = 0 [pid 5611] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5611] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5611] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5611] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5612]}, 88) = 5612 [pid 5611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5611] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5612 attached [pid 5612] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5612] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5612] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5612] memfd_create("syzkaller", 0) = 3 [pid 5612] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5612] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5612] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5612] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5612] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5612] close(3) = 0 [pid 5612] mkdir("./file0", 0777) = 0 [pid 5612] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5612] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5612] chdir("./file0") = 0 [pid 5612] ioctl(4, LOOP_CLR_FD) = 0 [pid 5612] close(4) = 0 [pid 5612] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... futex resumed>) = 1 [pid 5612] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5612] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5612] <... futex resumed>) = 1 [pid 5612] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5612] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5611] <... futex resumed>) = 0 [pid 5611] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5612] <... futex resumed>) = 1 [pid 5612] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5611] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5612] <... mmap resumed>) = 0x20000000 [pid 5611] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5611] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5611] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5613 attached [pid 5612] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] <... clone3 resumed> => {parent_tid=[5613]}, 88) = 5613 [pid 5612] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5611] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5611] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5611] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5613] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5613] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5613] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5613] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5612] <... futex resumed>) = ? [pid 5611] <... futex resumed>) = ? [pid 5613] +++ killed by SIGBUS +++ [pid 5612] +++ killed by SIGBUS +++ [pid 5611] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5611, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./193", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./193/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./193/binderfs") = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./193/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./193/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./193/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./193/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 [ 94.466489][ T5612] loop0: detected capacity change from 0 to 2048 [ 94.478006][ T5612] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 rmdir("./193") = 0 mkdir("./194", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5614 attached [pid 5614] set_robust_list(0x5555562186a0, 24) = 0 [pid 5614] chdir("./194") = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5614 [pid 5614] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5614] setpgid(0, 0) = 0 [pid 5614] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5614] write(3, "1000", 4) = 4 [pid 5614] close(3) = 0 [pid 5614] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5614] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5614] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5614] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5614] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5615 attached => {parent_tid=[5615]}, 88) = 5615 [pid 5615] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5614] rt_sigprocmask(SIG_SETMASK, [], [pid 5615] set_robust_list(0x7f3dc90769a0, 24 [pid 5614] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5615] <... set_robust_list resumed>) = 0 [pid 5614] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] rt_sigprocmask(SIG_SETMASK, [], [pid 5614] <... futex resumed>) = 0 [pid 5615] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5614] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5615] memfd_create("syzkaller", 0) = 3 [pid 5615] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5615] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5615] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5615] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5615] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5615] close(3) = 0 [pid 5615] mkdir("./file0", 0777) = 0 [pid 5615] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5615] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5615] chdir("./file0") = 0 [pid 5615] ioctl(4, LOOP_CLR_FD) = 0 [pid 5615] close(4) = 0 [pid 5615] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5614] <... futex resumed>) = 0 [pid 5615] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5614] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... open resumed>) = 4 [pid 5615] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5615] <... futex resumed>) = 1 [pid 5614] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5614] <... futex resumed>) = 0 [pid 5614] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5615] <... open resumed>) = 5 [pid 5615] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5614] <... futex resumed>) = 0 [pid 5615] <... futex resumed>) = 1 [pid 5614] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5615] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5614] <... futex resumed>) = 0 [pid 5615] <... mmap resumed>) = 0x20000000 [pid 5614] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5614] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5614] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5615] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5615] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5614] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5614] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5616]}, 88) = 5616 [pid 5614] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5614] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5616 attached ) = 0 [pid 5616] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5614] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5616] <... rseq resumed>) = 0 [pid 5616] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5616] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5616] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5615] <... futex resumed>) = ? [pid 5614] <... futex resumed>) = ? [pid 5616] +++ killed by SIGBUS +++ [pid 5615] +++ killed by SIGBUS +++ [pid 5614] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5614, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./194", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./194/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./194/binderfs") = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./194/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./194/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./194/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./194/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./194") = 0 [ 94.567327][ T5615] loop0: detected capacity change from 0 to 2048 [ 94.589535][ T5615] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./195", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5617 attached , child_tidptr=0x555556218690) = 5617 [pid 5617] set_robust_list(0x5555562186a0, 24) = 0 [pid 5617] chdir("./195") = 0 [pid 5617] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5617] setpgid(0, 0) = 0 [pid 5617] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5617] write(3, "1000", 4) = 4 [pid 5617] close(3) = 0 [pid 5617] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5617] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5617] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5617] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5618 attached [pid 5618] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5617] <... clone3 resumed> => {parent_tid=[5618]}, 88) = 5618 [pid 5618] <... rseq resumed>) = 0 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], [pid 5618] set_robust_list(0x7f3dc90769a0, 24 [pid 5617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5618] <... set_robust_list resumed>) = 0 [pid 5617] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] rt_sigprocmask(SIG_SETMASK, [], [pid 5617] <... futex resumed>) = 0 [pid 5618] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5617] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5618] memfd_create("syzkaller", 0) = 3 [pid 5618] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5618] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5618] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5618] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5618] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5618] close(3) = 0 [pid 5618] mkdir("./file0", 0777) = 0 [pid 5618] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5618] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5618] chdir("./file0") = 0 [pid 5618] ioctl(4, LOOP_CLR_FD) = 0 [pid 5618] close(4) = 0 [pid 5618] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] <... futex resumed>) = 0 [pid 5617] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5618] <... futex resumed>) = 0 [pid 5617] <... futex resumed>) = 1 [pid 5618] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5617] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... open resumed>) = 4 [pid 5618] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5617] <... futex resumed>) = 0 [pid 5618] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5617] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5618] <... open resumed>) = 5 [pid 5618] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5617] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5618] <... futex resumed>) = 0 [pid 5618] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5617] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5617] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5618] <... mmap resumed>) = 0x20000000 [pid 5617] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5617] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5618] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5618] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5617] <... mprotect resumed>) = 0 [pid 5617] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5617] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5619 attached [pid 5619] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5617] <... clone3 resumed> => {parent_tid=[5619]}, 88) = 5619 [pid 5619] <... rseq resumed>) = 0 [pid 5617] rt_sigprocmask(SIG_SETMASK, [], [pid 5619] set_robust_list(0x7f3dc0d559a0, 24 [pid 5617] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5619] <... set_robust_list resumed>) = 0 [pid 5617] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5619] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5617] <... futex resumed>) = 0 [pid 5619] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5617] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5618] <... futex resumed>) = ? [pid 5619] +++ killed by SIGBUS +++ [pid 5618] +++ killed by SIGBUS +++ [pid 5617] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5617, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./195", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./195/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./195/binderfs") = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./195/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./195/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./195/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./195/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./195") = 0 mkdir("./196", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5620 attached , child_tidptr=0x555556218690) = 5620 [pid 5620] set_robust_list(0x5555562186a0, 24) = 0 [pid 5620] chdir("./196") = 0 [pid 5620] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5620] setpgid(0, 0) = 0 [pid 5620] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [ 94.677875][ T5618] loop0: detected capacity change from 0 to 2048 [ 94.698068][ T5618] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5620] write(3, "1000", 4) = 4 [pid 5620] close(3) = 0 [pid 5620] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5620] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5620] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5620] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5621]}, 88) = 5621 ./strace-static-x86_64: Process 5621 attached [pid 5621] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5621] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5621] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5621] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5620] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5621] <... futex resumed>) = 0 [pid 5621] memfd_create("syzkaller", 0) = 3 [pid 5621] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5621] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5621] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5621] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5621] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5621] close(3) = 0 [pid 5621] mkdir("./file0", 0777) = 0 [pid 5621] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5621] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5621] chdir("./file0") = 0 [pid 5621] ioctl(4, LOOP_CLR_FD) = 0 [pid 5621] close(4) = 0 [pid 5621] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] <... open resumed>) = 4 [pid 5621] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5621] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5621] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5620] <... futex resumed>) = 0 [pid 5621] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5620] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5621] <... mmap resumed>) = 0x20000000 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5620] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5621] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5621] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5620] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5620] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5620] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5620] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5622 attached [pid 5622] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5620] <... clone3 resumed> => {parent_tid=[5622]}, 88) = 5622 [pid 5622] <... rseq resumed>) = 0 [pid 5620] rt_sigprocmask(SIG_SETMASK, [], [pid 5622] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5620] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5622] rt_sigprocmask(SIG_SETMASK, [], [pid 5620] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5622] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5620] <... futex resumed>) = 0 [pid 5620] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5622] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5621] <... futex resumed>) = ? [pid 5621] +++ killed by SIGBUS +++ [pid 5620] <... futex resumed>) = ? [pid 5622] +++ killed by SIGBUS +++ [pid 5620] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5620, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./196", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./196/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./196/binderfs") = 0 [ 94.798785][ T5621] loop0: detected capacity change from 0 to 2048 [ 94.810361][ T5621] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./196/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./196/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./196/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./196/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./196") = 0 mkdir("./197", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5623 ./strace-static-x86_64: Process 5623 attached [pid 5623] set_robust_list(0x5555562186a0, 24) = 0 [pid 5623] chdir("./197") = 0 [pid 5623] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5623] setpgid(0, 0) = 0 [pid 5623] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5623] write(3, "1000", 4) = 4 [pid 5623] close(3) = 0 [pid 5623] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5623] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5623] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5623] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5623] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5624 attached [pid 5624] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5623] <... clone3 resumed> => {parent_tid=[5624]}, 88) = 5624 [pid 5624] <... rseq resumed>) = 0 [pid 5623] rt_sigprocmask(SIG_SETMASK, [], [pid 5624] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5624] rt_sigprocmask(SIG_SETMASK, [], [pid 5623] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5623] <... futex resumed>) = 0 [pid 5624] memfd_create("syzkaller", 0 [pid 5623] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5624] <... memfd_create resumed>) = 3 [pid 5624] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5624] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5624] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5624] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5624] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5624] close(3) = 0 [pid 5624] mkdir("./file0", 0777) = 0 [pid 5624] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5624] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5624] chdir("./file0") = 0 [pid 5624] ioctl(4, LOOP_CLR_FD) = 0 [pid 5624] close(4) = 0 [pid 5624] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5624] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5623] <... futex resumed>) = 0 [pid 5624] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5623] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] <... open resumed>) = 4 [pid 5624] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5624] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5624] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5623] <... futex resumed>) = 0 [pid 5624] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5623] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5624] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5623] <... futex resumed>) = 0 [pid 5623] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5623] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5623] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5624] <... mmap resumed>) = 0x20000000 [pid 5624] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5624] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5623] <... mprotect resumed>) = 0 [pid 5623] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5623] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5625 attached => {parent_tid=[5625]}, 88) = 5625 [pid 5625] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5623] rt_sigprocmask(SIG_SETMASK, [], [pid 5625] set_robust_list(0x7f3dc0d559a0, 24 [pid 5623] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5625] <... set_robust_list resumed>) = 0 [pid 5623] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5625] rt_sigprocmask(SIG_SETMASK, [], [pid 5623] <... futex resumed>) = 0 [pid 5625] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5625] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5623] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5625] +++ killed by SIGBUS +++ [pid 5624] <... futex resumed>) = ? [pid 5624] +++ killed by SIGBUS +++ [pid 5623] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5623, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./197", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./197/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./197/binderfs") = 0 [ 94.924084][ T5624] loop0: detected capacity change from 0 to 2048 [ 94.936192][ T5624] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./197/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./197/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./197/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./197/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./197") = 0 mkdir("./198", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5626 attached , child_tidptr=0x555556218690) = 5626 [pid 5626] set_robust_list(0x5555562186a0, 24) = 0 [pid 5626] chdir("./198") = 0 [pid 5626] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5626] setpgid(0, 0) = 0 [pid 5626] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5626] write(3, "1000", 4) = 4 [pid 5626] close(3) = 0 [pid 5626] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5626] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5626] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5626] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5627]}, 88) = 5627 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5626] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5627 attached [pid 5627] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5627] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5627] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5627] memfd_create("syzkaller", 0) = 3 [pid 5627] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5627] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5627] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5627] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5627] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5627] close(3) = 0 [pid 5627] mkdir("./file0", 0777) = 0 [pid 5627] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5627] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5627] chdir("./file0") = 0 [pid 5627] ioctl(4, LOOP_CLR_FD) = 0 [pid 5627] close(4) = 0 [pid 5627] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5627] <... futex resumed>) = 0 [pid 5627] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5626] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] <... open resumed>) = 4 [pid 5627] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5627] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5627] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5626] <... futex resumed>) = 0 [pid 5626] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5626] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5626] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5626] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5626] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5628 attached [pid 5627] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5628] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5627] <... mmap resumed>) = 0x20000000 [pid 5628] set_robust_list(0x7f3dc0d559a0, 24 [pid 5626] <... clone3 resumed> => {parent_tid=[5628]}, 88) = 5628 [pid 5628] <... set_robust_list resumed>) = 0 [pid 5626] rt_sigprocmask(SIG_SETMASK, [], [pid 5628] rt_sigprocmask(SIG_SETMASK, [], [pid 5626] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5628] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5628] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5626] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5628] <... futex resumed>) = 0 [pid 5626] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5628] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5627] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5627] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5626] <... futex resumed>) = ? [pid 5628] +++ killed by SIGBUS +++ [pid 5627] +++ killed by SIGBUS +++ [pid 5626] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5626, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./198", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 [ 95.031248][ T5627] loop0: detected capacity change from 0 to 2048 [ 95.044930][ T5627] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./198/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./198/binderfs") = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./198/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./198/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./198/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./198/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./198") = 0 mkdir("./199", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5629 attached , child_tidptr=0x555556218690) = 5629 [pid 5629] set_robust_list(0x5555562186a0, 24) = 0 [pid 5629] chdir("./199") = 0 [pid 5629] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5629] setpgid(0, 0) = 0 [pid 5629] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5629] write(3, "1000", 4) = 4 [pid 5629] close(3) = 0 [pid 5629] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5629] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5629] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5629] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5629] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5630 attached => {parent_tid=[5630]}, 88) = 5630 [pid 5630] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5629] rt_sigprocmask(SIG_SETMASK, [], [pid 5630] set_robust_list(0x7f3dc90769a0, 24 [pid 5629] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5630] <... set_robust_list resumed>) = 0 [pid 5630] rt_sigprocmask(SIG_SETMASK, [], [pid 5629] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5629] <... futex resumed>) = 0 [pid 5630] memfd_create("syzkaller", 0 [pid 5629] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5630] <... memfd_create resumed>) = 3 [pid 5630] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5630] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5630] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5630] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5630] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5630] close(3) = 0 [pid 5630] mkdir("./file0", 0777) = 0 [pid 5630] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5630] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5630] chdir("./file0") = 0 [pid 5630] ioctl(4, LOOP_CLR_FD) = 0 [pid 5630] close(4) = 0 [pid 5630] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = 0 [pid 5629] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] <... futex resumed>) = 1 [pid 5630] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5630] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5630] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] <... futex resumed>) = 0 [pid 5629] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... futex resumed>) = 0 [pid 5629] <... futex resumed>) = 1 [pid 5630] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5629] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5630] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5630] <... futex resumed>) = 0 [pid 5629] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5630] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5629] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5630] <... futex resumed>) = 0 [pid 5629] <... futex resumed>) = 0 [pid 5630] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5629] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5629] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5629] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5629] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5631 attached => {parent_tid=[5631]}, 88) = 5631 [pid 5629] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5629] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5629] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5631] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5631] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5631] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5631] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5629] <... futex resumed>) = ? [pid 5630] <... futex resumed>) = ? [pid 5630] +++ killed by SIGBUS +++ [pid 5631] +++ killed by SIGBUS +++ [pid 5629] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5629, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./199", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./199/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./199/binderfs") = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./199/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./199/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./199/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./199/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./199") = 0 mkdir("./200", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 95.155067][ T5630] loop0: detected capacity change from 0 to 2048 [ 95.166775][ T5630] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5632 attached , child_tidptr=0x555556218690) = 5632 [pid 5632] set_robust_list(0x5555562186a0, 24) = 0 [pid 5632] chdir("./200") = 0 [pid 5632] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5632] setpgid(0, 0) = 0 [pid 5632] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5632] write(3, "1000", 4) = 4 [pid 5632] close(3) = 0 [pid 5632] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5632] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5632] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5632] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5633 attached [pid 5633] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5632] <... clone3 resumed> => {parent_tid=[5633]}, 88) = 5633 [pid 5633] <... rseq resumed>) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], [pid 5633] set_robust_list(0x7f3dc90769a0, 24 [pid 5632] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5633] <... set_robust_list resumed>) = 0 [pid 5632] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] rt_sigprocmask(SIG_SETMASK, [], [pid 5632] <... futex resumed>) = 0 [pid 5633] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5632] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5633] memfd_create("syzkaller", 0) = 3 [pid 5633] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5633] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5633] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5633] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5633] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5633] close(3) = 0 [pid 5633] mkdir("./file0", 0777) = 0 [pid 5633] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5633] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5633] chdir("./file0") = 0 [pid 5633] ioctl(4, LOOP_CLR_FD) = 0 [pid 5633] close(4) = 0 [pid 5633] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5632] <... futex resumed>) = 0 [pid 5633] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5632] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] <... open resumed>) = 4 [pid 5633] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5633] <... futex resumed>) = 1 [pid 5632] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5633] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5633] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5632] <... futex resumed>) = 0 [pid 5633] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5632] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5633] <... mmap resumed>) = 0x20000000 [pid 5632] <... futex resumed>) = 0 [pid 5632] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5633] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5632] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5632] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5633] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5632] <... mprotect resumed>) = 0 [pid 5632] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5632] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5634 attached [pid 5634] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5632] <... clone3 resumed> => {parent_tid=[5634]}, 88) = 5634 [pid 5634] <... rseq resumed>) = 0 [pid 5632] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5634] set_robust_list(0x7f3dc0d559a0, 24 [pid 5632] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5634] <... set_robust_list resumed>) = 0 [pid 5632] <... futex resumed>) = 0 [pid 5634] rt_sigprocmask(SIG_SETMASK, [], [pid 5632] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5634] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5634] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5633] <... futex resumed>) = ? [pid 5632] <... futex resumed>) = ? [pid 5634] +++ killed by SIGBUS +++ [pid 5633] +++ killed by SIGBUS +++ [pid 5632] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5632, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./200", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./200/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./200/binderfs") = 0 [ 95.260642][ T5633] loop0: detected capacity change from 0 to 2048 [ 95.271394][ T5633] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./200/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./200/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./200/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./200/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./200") = 0 mkdir("./201", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5635 attached [pid 5635] set_robust_list(0x5555562186a0, 24) = 0 [pid 5635] chdir("./201" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5635 [pid 5635] <... chdir resumed>) = 0 [pid 5635] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5635] setpgid(0, 0) = 0 [pid 5635] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5635] write(3, "1000", 4) = 4 [pid 5635] close(3) = 0 [pid 5635] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5635] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5635] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5635] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5635] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5635] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5636 attached [pid 5636] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5636] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5636] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5636] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5635] <... clone3 resumed> => {parent_tid=[5636]}, 88) = 5636 [pid 5635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5635] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5635] <... futex resumed>) = 1 [pid 5635] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5636] memfd_create("syzkaller", 0) = 3 [pid 5636] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5636] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5636] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5636] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5636] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5636] close(3) = 0 [pid 5636] mkdir("./file0", 0777) = 0 [pid 5636] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5636] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5636] chdir("./file0") = 0 [pid 5636] ioctl(4, LOOP_CLR_FD) = 0 [pid 5636] close(4) = 0 [pid 5636] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5636] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = 0 [pid 5636] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5635] <... futex resumed>) = 1 [pid 5635] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] <... open resumed>) = 4 [pid 5636] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] <... futex resumed>) = 0 [pid 5636] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5635] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5635] <... futex resumed>) = 0 [pid 5636] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5635] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] <... open resumed>) = 5 [pid 5636] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5635] <... futex resumed>) = 0 [pid 5635] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5635] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5636] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5635] <... futex resumed>) = 0 [pid 5635] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5635] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5635] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5635] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5637]}, 88) = 5637 [pid 5635] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5635] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5637 attached [pid 5636] <... mmap resumed>) = 0x20000000 [pid 5635] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5636] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5636] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5637] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5637] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5637] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5637] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5635] <... futex resumed>) = ? [pid 5636] <... futex resumed>) = ? [pid 5637] +++ killed by SIGBUS +++ [pid 5636] +++ killed by SIGBUS +++ [pid 5635] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5635, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./201", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./201/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./201/binderfs") = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./201/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./201/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./201/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./201/file0") = 0 [ 95.375145][ T5636] loop0: detected capacity change from 0 to 2048 [ 95.387203][ T5636] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./201") = 0 mkdir("./202", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5638 ./strace-static-x86_64: Process 5638 attached [pid 5638] set_robust_list(0x5555562186a0, 24) = 0 [pid 5638] chdir("./202") = 0 [pid 5638] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5638] setpgid(0, 0) = 0 [pid 5638] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5638] write(3, "1000", 4) = 4 [pid 5638] close(3) = 0 [pid 5638] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5638] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5638] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5638] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5639]}, 88) = 5639 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5638] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5639 attached [pid 5639] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5639] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5639] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5639] memfd_create("syzkaller", 0) = 3 [pid 5639] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5639] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5639] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5639] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5639] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5639] close(3) = 0 [pid 5639] mkdir("./file0", 0777) = 0 [pid 5639] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5639] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5639] chdir("./file0") = 0 [pid 5639] ioctl(4, LOOP_CLR_FD) = 0 [pid 5639] close(4) = 0 [pid 5639] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] <... futex resumed>) = 1 [pid 5639] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5639] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... futex resumed>) = 0 [pid 5638] <... futex resumed>) = 1 [pid 5639] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5638] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5639] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5638] <... futex resumed>) = 0 [pid 5639] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5638] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5639] <... mmap resumed>) = 0x20000000 [pid 5638] <... futex resumed>) = 0 [pid 5638] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5638] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5639] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5638] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5639] <... futex resumed>) = 0 [pid 5638] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5639] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5638] <... clone3 resumed> => {parent_tid=[5640]}, 88) = 5640 [pid 5638] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5638] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5638] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5640 attached [pid 5640] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5640] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5640] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5640] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5638] <... futex resumed>) = ? [pid 5640] +++ killed by SIGBUS +++ [pid 5639] <... futex resumed>) = ? [pid 5639] +++ killed by SIGBUS +++ [pid 5638] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5638, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./202", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./202/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./202/binderfs") = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./202/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./202/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./202/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 95.489353][ T5639] loop0: detected capacity change from 0 to 2048 [ 95.501573][ T5639] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./202/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./202") = 0 mkdir("./203", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5641 ./strace-static-x86_64: Process 5641 attached [pid 5641] set_robust_list(0x5555562186a0, 24) = 0 [pid 5641] chdir("./203") = 0 [pid 5641] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5641] setpgid(0, 0) = 0 [pid 5641] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5641] write(3, "1000", 4) = 4 [pid 5641] close(3) = 0 [pid 5641] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5641] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5641] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5641] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5641] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5641] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5641] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5642 attached => {parent_tid=[5642]}, 88) = 5642 [pid 5642] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5641] rt_sigprocmask(SIG_SETMASK, [], [pid 5642] <... rseq resumed>) = 0 [pid 5641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5642] set_robust_list(0x7f3dc90769a0, 24 [pid 5641] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... set_robust_list resumed>) = 0 [pid 5641] <... futex resumed>) = 0 [pid 5642] rt_sigprocmask(SIG_SETMASK, [], [pid 5641] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5642] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5642] memfd_create("syzkaller", 0) = 3 [pid 5642] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5642] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5642] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5642] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5642] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5642] close(3) = 0 [pid 5642] mkdir("./file0", 0777) = 0 [pid 5642] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5642] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5642] chdir("./file0") = 0 [pid 5642] ioctl(4, LOOP_CLR_FD) = 0 [pid 5642] close(4) = 0 [pid 5642] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] <... futex resumed>) = 0 [pid 5642] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5641] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5641] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5642] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5642] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5642] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5641] <... futex resumed>) = 0 [pid 5642] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5641] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5641] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5642] <... open resumed>) = 5 [pid 5642] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5642] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5641] <... futex resumed>) = 0 [pid 5641] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5642] <... futex resumed>) = 0 [pid 5641] <... futex resumed>) = 1 [pid 5642] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5641] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5642] <... mmap resumed>) = 0x20000000 [pid 5641] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5642] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5641] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5642] <... futex resumed>) = 0 [pid 5642] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5641] <... mprotect resumed>) = 0 [pid 5641] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5641] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5643 attached => {parent_tid=[5643]}, 88) = 5643 [pid 5643] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5641] rt_sigprocmask(SIG_SETMASK, [], [pid 5643] <... rseq resumed>) = 0 [pid 5641] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] set_robust_list(0x7f3dc0d559a0, 24 [pid 5641] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5643] <... set_robust_list resumed>) = 0 [pid 5641] <... futex resumed>) = 0 [pid 5643] rt_sigprocmask(SIG_SETMASK, [], [pid 5641] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5643] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5643] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5642] <... futex resumed>) = ? [pid 5641] <... futex resumed>) = ? [pid 5642] +++ killed by SIGBUS +++ [pid 5643] +++ killed by SIGBUS +++ [pid 5641] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5641, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./203", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./203/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./203/binderfs") = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./203/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./203/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./203/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./203/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./203") = 0 mkdir("./204", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5644 ./strace-static-x86_64: Process 5644 attached [pid 5644] set_robust_list(0x5555562186a0, 24) = 0 [pid 5644] chdir("./204") = 0 [pid 5644] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5644] setpgid(0, 0) = 0 [pid 5644] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5644] write(3, "1000", 4) = 4 [pid 5644] close(3) = 0 [ 95.599249][ T5642] loop0: detected capacity change from 0 to 2048 [ 95.618901][ T5642] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5644] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5644] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5644] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5644] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5644] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5645 attached [pid 5645] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5645] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5645] rt_sigprocmask(SIG_SETMASK, [], [pid 5644] <... clone3 resumed> => {parent_tid=[5645]}, 88) = 5645 [pid 5645] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5645] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5644] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5645] <... futex resumed>) = 0 [pid 5645] memfd_create("syzkaller", 0) = 3 [pid 5645] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5645] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5645] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5645] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5645] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5645] close(3) = 0 [pid 5645] mkdir("./file0", 0777) = 0 [pid 5645] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5645] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5645] chdir("./file0") = 0 [pid 5645] ioctl(4, LOOP_CLR_FD) = 0 [pid 5645] close(4) = 0 [pid 5645] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5645] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5644] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5645] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5645] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5644] <... futex resumed>) = 0 [pid 5645] <... open resumed>) = 4 [pid 5644] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5644] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] <... futex resumed>) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5645] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5645] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5644] <... futex resumed>) = 0 [pid 5644] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5644] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5645] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5644] <... mprotect resumed>) = 0 [pid 5644] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5645] <... mmap resumed>) = 0x20000000 [pid 5644] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5645] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5644] <... clone3 resumed> => {parent_tid=[5646]}, 88) = 5646 [pid 5644] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5644] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5644] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5646 attached [pid 5646] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5646] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5646] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5646] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5644] <... futex resumed>) = ? [pid 5645] <... futex resumed>) = ? [pid 5645] +++ killed by SIGBUS +++ [pid 5646] +++ killed by SIGBUS +++ [pid 5644] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5644, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./204", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./204/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./204/binderfs") = 0 [ 95.716833][ T5645] loop0: detected capacity change from 0 to 2048 [ 95.728995][ T5645] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./204/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./204/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./204/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./204/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./204") = 0 mkdir("./205", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5647 attached , child_tidptr=0x555556218690) = 5647 [pid 5647] set_robust_list(0x5555562186a0, 24) = 0 [pid 5647] chdir("./205") = 0 [pid 5647] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5647] setpgid(0, 0) = 0 [pid 5647] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5647] write(3, "1000", 4) = 4 [pid 5647] close(3) = 0 [pid 5647] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5647] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5647] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5647] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5647] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5647] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5648 attached [pid 5648] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5647] <... clone3 resumed> => {parent_tid=[5648]}, 88) = 5648 [pid 5648] <... rseq resumed>) = 0 [pid 5648] set_robust_list(0x7f3dc90769a0, 24 [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5648] <... set_robust_list resumed>) = 0 [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5648] rt_sigprocmask(SIG_SETMASK, [], [pid 5647] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5647] <... futex resumed>) = 0 [pid 5648] memfd_create("syzkaller", 0 [pid 5647] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5648] <... memfd_create resumed>) = 3 [pid 5648] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5648] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5648] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5648] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5648] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5648] close(3) = 0 [pid 5648] mkdir("./file0", 0777) = 0 [pid 5648] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5648] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5648] chdir("./file0") = 0 [pid 5648] ioctl(4, LOOP_CLR_FD) = 0 [pid 5648] close(4) = 0 [pid 5648] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5648] <... futex resumed>) = 0 [pid 5647] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5648] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5648] <... futex resumed>) = 1 [pid 5648] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5647] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5648] <... open resumed>) = 5 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5648] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5647] <... futex resumed>) = 0 [pid 5647] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5647] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5648] <... futex resumed>) = 1 [pid 5647] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5648] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5648] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5649 attached [pid 5649] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5648] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5647] <... clone3 resumed> => {parent_tid=[5649]}, 88) = 5649 [pid 5649] <... rseq resumed>) = 0 [pid 5647] rt_sigprocmask(SIG_SETMASK, [], [pid 5649] set_robust_list(0x7f3dc0d559a0, 24 [pid 5647] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5649] <... set_robust_list resumed>) = 0 [pid 5647] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5649] rt_sigprocmask(SIG_SETMASK, [], [pid 5647] <... futex resumed>) = 0 [pid 5649] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5647] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5649] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5647] <... futex resumed>) = ? [pid 5648] <... futex resumed>) = ? [pid 5648] +++ killed by SIGBUS +++ [pid 5649] +++ killed by SIGBUS +++ [pid 5647] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5647, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./205", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./205/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./205/binderfs") = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./205/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./205/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./205/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./205/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./205") = 0 mkdir("./206", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 95.817398][ T5648] loop0: detected capacity change from 0 to 2048 [ 95.828857][ T5648] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5650 attached [pid 5650] set_robust_list(0x5555562186a0, 24) = 0 [pid 5650] chdir("./206") = 0 [pid 5650] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5650] setpgid(0, 0) = 0 [pid 5650] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5650] write(3, "1000", 4) = 4 [pid 5650] close(3) = 0 [pid 5650] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5650] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5650] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5650] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5650] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5650 ./strace-static-x86_64: Process 5651 attached [pid 5650] <... clone3 resumed> => {parent_tid=[5651]}, 88) = 5651 [pid 5651] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], [pid 5651] <... rseq resumed>) = 0 [pid 5650] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5650] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] set_robust_list(0x7f3dc90769a0, 24 [pid 5650] <... futex resumed>) = 0 [pid 5651] <... set_robust_list resumed>) = 0 [pid 5650] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5651] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5651] memfd_create("syzkaller", 0) = 3 [pid 5651] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5651] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5651] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5651] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5651] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5651] close(3) = 0 [pid 5651] mkdir("./file0", 0777) = 0 [pid 5651] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5651] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5651] chdir("./file0") = 0 [pid 5651] ioctl(4, LOOP_CLR_FD) = 0 [pid 5651] close(4) = 0 [pid 5651] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] <... futex resumed>) = 1 [pid 5651] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5651] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = 0 [pid 5650] <... futex resumed>) = 1 [pid 5650] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5651] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5651] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5650] <... futex resumed>) = 0 [pid 5650] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... futex resumed>) = 1 [pid 5650] <... futex resumed>) = 0 [pid 5651] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5650] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5651] <... mmap resumed>) = 0x20000000 [pid 5650] <... futex resumed>) = 0 [pid 5650] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5651] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5651] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5650] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5650] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5650] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5652 attached [pid 5652] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5650] <... clone3 resumed> => {parent_tid=[5652]}, 88) = 5652 [pid 5652] set_robust_list(0x7f3dc0d559a0, 24 [pid 5650] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5650] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5650] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5652] <... set_robust_list resumed>) = 0 [pid 5652] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5652] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5651] <... futex resumed>) = ? [pid 5651] +++ killed by SIGBUS +++ [pid 5650] <... futex resumed>) = ? [pid 5652] +++ killed by SIGBUS +++ [pid 5650] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5650, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./206", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./206/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./206/binderfs") = 0 [ 95.919003][ T5651] loop0: detected capacity change from 0 to 2048 [ 95.934055][ T5651] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./206/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./206/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./206/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./206/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./206") = 0 mkdir("./207", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5653 ./strace-static-x86_64: Process 5653 attached [pid 5653] set_robust_list(0x5555562186a0, 24) = 0 [pid 5653] chdir("./207") = 0 [pid 5653] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5653] setpgid(0, 0) = 0 [pid 5653] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5653] write(3, "1000", 4) = 4 [pid 5653] close(3) = 0 [pid 5653] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5653] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5653] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5653] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5653] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5654]}, 88) = 5654 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5653] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5653] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5654 attached [pid 5654] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5654] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5654] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5654] memfd_create("syzkaller", 0) = 3 [pid 5654] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5654] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5654] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5654] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5654] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5654] close(3) = 0 [pid 5654] mkdir("./file0", 0777) = 0 [pid 5654] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5654] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5654] chdir("./file0") = 0 [pid 5654] ioctl(4, LOOP_CLR_FD) = 0 [pid 5654] close(4) = 0 [pid 5654] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5654] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] <... futex resumed>) = 0 [pid 5653] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5653] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... futex resumed>) = 0 [pid 5654] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5654] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] <... futex resumed>) = 0 [pid 5654] <... futex resumed>) = 1 [pid 5654] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5653] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... open resumed>) = 5 [pid 5653] <... futex resumed>) = 0 [pid 5654] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5654] <... futex resumed>) = 0 [pid 5653] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5654] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5653] <... futex resumed>) = 0 [pid 5654] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5653] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5654] <... mmap resumed>) = 0x20000000 [pid 5653] <... futex resumed>) = 0 [pid 5654] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5653] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5654] <... futex resumed>) = 0 [pid 5653] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5654] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5653] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5653] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5653] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5655 attached [pid 5655] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5653] <... clone3 resumed> => {parent_tid=[5655]}, 88) = 5655 [pid 5655] <... rseq resumed>) = 0 [pid 5653] rt_sigprocmask(SIG_SETMASK, [], [pid 5655] set_robust_list(0x7f3dc0d559a0, 24 [pid 5653] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5655] <... set_robust_list resumed>) = 0 [pid 5653] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5655] rt_sigprocmask(SIG_SETMASK, [], [pid 5653] <... futex resumed>) = 0 [pid 5655] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5653] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5655] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5654] <... futex resumed>) = ? [pid 5653] <... futex resumed>) = ? [pid 5655] +++ killed by SIGBUS +++ [pid 5654] +++ killed by SIGBUS +++ [pid 5653] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5653, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./207", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./207/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./207/binderfs") = 0 [ 96.042396][ T5654] loop0: detected capacity change from 0 to 2048 [ 96.053863][ T5654] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./207/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./207/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./207/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./207/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./207") = 0 mkdir("./208", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5656 attached , child_tidptr=0x555556218690) = 5656 [pid 5656] set_robust_list(0x5555562186a0, 24) = 0 [pid 5656] chdir("./208") = 0 [pid 5656] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5656] setpgid(0, 0) = 0 [pid 5656] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5656] write(3, "1000", 4) = 4 [pid 5656] close(3) = 0 [pid 5656] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5656] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5656] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5656] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5657 attached => {parent_tid=[5657]}, 88) = 5657 [pid 5657] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5657] <... rseq resumed>) = 0 [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5657] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5656] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] rt_sigprocmask(SIG_SETMASK, [], [pid 5656] <... futex resumed>) = 0 [pid 5657] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5656] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5657] memfd_create("syzkaller", 0) = 3 [pid 5657] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5657] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5657] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5657] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5657] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5657] close(3) = 0 [pid 5657] mkdir("./file0", 0777) = 0 [pid 5657] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5657] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5657] chdir("./file0") = 0 [pid 5657] ioctl(4, LOOP_CLR_FD) = 0 [pid 5657] close(4) = 0 [pid 5657] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] <... futex resumed>) = 0 [pid 5657] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5656] <... futex resumed>) = 0 [pid 5657] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5656] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] <... open resumed>) = 4 [pid 5657] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] <... futex resumed>) = 0 [pid 5657] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5656] <... futex resumed>) = 0 [pid 5657] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5656] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5657] <... open resumed>) = 5 [pid 5657] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5656] <... futex resumed>) = 0 [pid 5657] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5657] <... futex resumed>) = 0 [pid 5656] <... futex resumed>) = 1 [pid 5657] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5656] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5657] <... mmap resumed>) = 0x20000000 [pid 5657] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5657] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5656] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5656] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5656] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5658 attached => {parent_tid=[5658]}, 88) = 5658 [pid 5658] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5656] rt_sigprocmask(SIG_SETMASK, [], [pid 5658] <... rseq resumed>) = 0 [pid 5656] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5658] set_robust_list(0x7f3dc0d559a0, 24 [pid 5656] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5656] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5658] <... set_robust_list resumed>) = 0 [pid 5658] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5658] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5656] <... futex resumed>) = ? [pid 5657] <... futex resumed>) = ? [pid 5657] +++ killed by SIGBUS +++ [pid 5658] +++ killed by SIGBUS +++ [pid 5656] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5656, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./208", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 96.152870][ T5657] loop0: detected capacity change from 0 to 2048 [ 96.164933][ T5657] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./208", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./208/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./208/binderfs") = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./208/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./208/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./208/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./208/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./208") = 0 mkdir("./209", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5659 ./strace-static-x86_64: Process 5659 attached [pid 5659] set_robust_list(0x5555562186a0, 24) = 0 [pid 5659] chdir("./209") = 0 [pid 5659] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5659] setpgid(0, 0) = 0 [pid 5659] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5659] write(3, "1000", 4) = 4 [pid 5659] close(3) = 0 [pid 5659] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5659] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5659] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5659] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5660 attached => {parent_tid=[5660]}, 88) = 5660 [pid 5660] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5659] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5660] set_robust_list(0x7f3dc90769a0, 24 [pid 5659] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... set_robust_list resumed>) = 0 [pid 5659] <... futex resumed>) = 0 [pid 5660] rt_sigprocmask(SIG_SETMASK, [], [pid 5659] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5660] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5660] memfd_create("syzkaller", 0) = 3 [pid 5660] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5660] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5660] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5660] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5660] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5660] close(3) = 0 [pid 5660] mkdir("./file0", 0777) = 0 [pid 5660] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5660] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5660] chdir("./file0") = 0 [pid 5660] ioctl(4, LOOP_CLR_FD) = 0 [pid 5660] close(4) = 0 [pid 5660] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5660] <... futex resumed>) = 1 [pid 5660] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5660] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5659] <... futex resumed>) = 0 [pid 5660] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5659] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] <... open resumed>) = 5 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5660] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5659] <... futex resumed>) = 0 [pid 5659] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5660] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5659] <... futex resumed>) = 0 [pid 5660] <... mmap resumed>) = 0x20000000 [pid 5659] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5659] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5659] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5660] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5659] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5660] <... futex resumed>) = 0 [pid 5660] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5659] <... clone3 resumed> => {parent_tid=[5661]}, 88) = 5661 [pid 5659] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5659] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5659] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5661 attached [pid 5661] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5661] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5661] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5661] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5659] <... futex resumed>) = ? [pid 5661] +++ killed by SIGBUS +++ [pid 5660] <... futex resumed>) = ? [pid 5660] +++ killed by SIGBUS +++ [pid 5659] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5659, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./209", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./209/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./209/binderfs") = 0 [ 96.271084][ T5660] loop0: detected capacity change from 0 to 2048 [ 96.284483][ T5660] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./209/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./209/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./209/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./209/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./209") = 0 mkdir("./210", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5662 attached , child_tidptr=0x555556218690) = 5662 [pid 5662] set_robust_list(0x5555562186a0, 24) = 0 [pid 5662] chdir("./210") = 0 [pid 5662] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5662] setpgid(0, 0) = 0 [pid 5662] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5662] write(3, "1000", 4) = 4 [pid 5662] close(3) = 0 [pid 5662] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5662] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5662] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5662] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5663]}, 88) = 5663 [pid 5662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5662] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5663 attached [pid 5663] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5663] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5663] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5663] memfd_create("syzkaller", 0) = 3 [pid 5663] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5663] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5663] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5663] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5663] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5663] close(3) = 0 [pid 5663] mkdir("./file0", 0777) = 0 [pid 5663] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5663] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5663] chdir("./file0") = 0 [pid 5663] ioctl(4, LOOP_CLR_FD) = 0 [pid 5663] close(4) = 0 [pid 5663] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] <... futex resumed>) = 0 [pid 5663] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5662] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... open resumed>) = 4 [pid 5663] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5663] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] <... futex resumed>) = 0 [pid 5663] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5662] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... open resumed>) = 5 [pid 5663] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5662] <... futex resumed>) = 0 [pid 5662] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5662] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5663] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5662] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5662] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5663] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5662] <... mprotect resumed>) = 0 [pid 5663] <... futex resumed>) = 0 [pid 5663] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5662] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5664 attached => {parent_tid=[5664]}, 88) = 5664 [pid 5664] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5664] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5664] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5664] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5662] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5662] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5664] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5662] <... futex resumed>) = 0 [pid 5664] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5662] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5663] <... futex resumed>) = ? [pid 5662] <... futex resumed>) = ? [pid 5664] +++ killed by SIGBUS +++ [pid 5663] +++ killed by SIGBUS +++ [pid 5662] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5662, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./210", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./210/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./210/binderfs") = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./210/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./210/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./210/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 [ 96.386164][ T5663] loop0: detected capacity change from 0 to 2048 [ 96.398194][ T5663] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(4) = 0 rmdir("./210/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./210") = 0 mkdir("./211", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5665 attached , child_tidptr=0x555556218690) = 5665 [pid 5665] set_robust_list(0x5555562186a0, 24) = 0 [pid 5665] chdir("./211") = 0 [pid 5665] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5665] setpgid(0, 0) = 0 [pid 5665] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5665] write(3, "1000", 4) = 4 [pid 5665] close(3) = 0 [pid 5665] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5665] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5665] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5665] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5666 attached => {parent_tid=[5666]}, 88) = 5666 [pid 5666] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5666] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5666] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5666] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5665] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5665] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5666] memfd_create("syzkaller", 0) = 3 [pid 5666] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5666] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5666] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5666] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5666] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5666] close(3) = 0 [pid 5666] mkdir("./file0", 0777) = 0 [pid 5666] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5666] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5666] chdir("./file0") = 0 [pid 5666] ioctl(4, LOOP_CLR_FD) = 0 [pid 5666] close(4) = 0 [pid 5666] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5665] <... futex resumed>) = 0 [pid 5666] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5665] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5665] <... futex resumed>) = 0 [pid 5666] <... open resumed>) = 4 [pid 5665] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5666] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] <... futex resumed>) = 0 [pid 5665] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] <... futex resumed>) = 0 [pid 5666] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5666] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] <... futex resumed>) = 1 [pid 5665] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5666] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5665] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5666] <... futex resumed>) = 0 [pid 5665] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5666] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5665] <... futex resumed>) = 0 [pid 5666] <... mmap resumed>) = 0x20000000 [pid 5665] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5665] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5666] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5666] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5665] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5665] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5667 attached => {parent_tid=[5667]}, 88) = 5667 [pid 5665] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5665] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5665] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5667] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5667] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5667] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5667] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5666] <... futex resumed>) = ? [pid 5666] +++ killed by SIGBUS +++ [pid 5665] <... futex resumed>) = ? [pid 5667] +++ killed by SIGBUS +++ [pid 5665] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5665, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./211", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./211/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./211/binderfs") = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./211/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./211/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./211/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./211/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./211") = 0 mkdir("./212", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5668 ./strace-static-x86_64: Process 5668 attached [pid 5668] set_robust_list(0x5555562186a0, 24) = 0 [pid 5668] chdir("./212") = 0 [pid 5668] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5668] setpgid(0, 0) = 0 [pid 5668] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5668] write(3, "1000", 4) = 4 [pid 5668] close(3) = 0 [pid 5668] symlink("/dev/binderfs", "./binderfs") = 0 [ 96.492329][ T5666] loop0: detected capacity change from 0 to 2048 [ 96.502896][ T5666] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5668] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5668] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5668] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5669]}, 88) = 5669 [pid 5668] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5668] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5669 attached [pid 5669] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5669] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5669] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5669] memfd_create("syzkaller", 0) = 3 [pid 5669] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5669] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5669] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5669] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5669] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5669] close(3) = 0 [pid 5669] mkdir("./file0", 0777) = 0 [pid 5669] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5669] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5669] chdir("./file0") = 0 [pid 5669] ioctl(4, LOOP_CLR_FD) = 0 [pid 5669] close(4) = 0 [pid 5669] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5669] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] <... futex resumed>) = 0 [pid 5668] <... futex resumed>) = 1 [pid 5669] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5668] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... open resumed>) = 4 [pid 5669] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5669] <... futex resumed>) = 1 [pid 5669] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5669] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5669] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5668] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5668] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5669] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5668] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5669] <... futex resumed>) = 0 [pid 5668] <... mprotect resumed>) = 0 [pid 5668] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5668] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5670 attached [pid 5670] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5668] <... clone3 resumed> => {parent_tid=[5670]}, 88) = 5670 [pid 5670] set_robust_list(0x7f3dc0d559a0, 24 [pid 5668] rt_sigprocmask(SIG_SETMASK, [], [pid 5670] <... set_robust_list resumed>) = 0 [pid 5668] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5670] rt_sigprocmask(SIG_SETMASK, [], [pid 5668] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5670] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5670] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5668] <... futex resumed>) = 0 [pid 5668] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5670] +++ killed by SIGBUS +++ [pid 5669] +++ killed by SIGBUS +++ [pid 5668] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5668, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./212", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./212/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./212/binderfs") = 0 [ 96.587986][ T5669] loop0: detected capacity change from 0 to 2048 [ 96.599413][ T5669] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./212/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./212/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./212/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./212/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./212") = 0 mkdir("./213", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5671 attached , child_tidptr=0x555556218690) = 5671 [pid 5671] set_robust_list(0x5555562186a0, 24) = 0 [pid 5671] chdir("./213") = 0 [pid 5671] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5671] setpgid(0, 0) = 0 [pid 5671] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5671] write(3, "1000", 4) = 4 [pid 5671] close(3) = 0 [pid 5671] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5671] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5671] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5671] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5671] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5672 attached [pid 5672] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5671] <... clone3 resumed> => {parent_tid=[5672]}, 88) = 5672 [pid 5672] <... rseq resumed>) = 0 [pid 5672] set_robust_list(0x7f3dc90769a0, 24 [pid 5671] rt_sigprocmask(SIG_SETMASK, [], [pid 5672] <... set_robust_list resumed>) = 0 [pid 5671] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5672] rt_sigprocmask(SIG_SETMASK, [], [pid 5671] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5671] <... futex resumed>) = 0 [pid 5672] memfd_create("syzkaller", 0 [pid 5671] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5672] <... memfd_create resumed>) = 3 [pid 5672] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5672] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5672] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5672] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5672] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5672] close(3) = 0 [pid 5672] mkdir("./file0", 0777) = 0 [pid 5672] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5672] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5672] chdir("./file0") = 0 [pid 5672] ioctl(4, LOOP_CLR_FD) = 0 [pid 5672] close(4) = 0 [pid 5672] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5671] <... futex resumed>) = 0 [pid 5671] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5672] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5671] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] <... open resumed>) = 4 [pid 5672] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] <... futex resumed>) = 0 [pid 5672] <... futex resumed>) = 1 [pid 5672] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5671] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... open resumed>) = 5 [pid 5671] <... futex resumed>) = 0 [pid 5671] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5672] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] <... futex resumed>) = 0 [pid 5671] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] <... futex resumed>) = 1 [pid 5671] <... futex resumed>) = 0 [pid 5671] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5672] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5671] <... futex resumed>) = 0 [pid 5672] <... mmap resumed>) = 0x20000000 [pid 5671] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5671] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5672] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5671] <... mprotect resumed>) = 0 [pid 5672] <... futex resumed>) = 0 [pid 5672] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5671] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5671] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5673 attached => {parent_tid=[5673]}, 88) = 5673 [pid 5671] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5671] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5671] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5673] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5673] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5673] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5673] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5671] <... futex resumed>) = ? [pid 5673] +++ killed by SIGBUS +++ [pid 5672] <... futex resumed>) = ? [pid 5672] +++ killed by SIGBUS +++ [pid 5671] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5671, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./213", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./213/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./213/binderfs") = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./213/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./213/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./213/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 96.688334][ T5672] loop0: detected capacity change from 0 to 2048 [ 96.699879][ T5672] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./213/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./213") = 0 mkdir("./214", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5674 attached , child_tidptr=0x555556218690) = 5674 [pid 5674] set_robust_list(0x5555562186a0, 24) = 0 [pid 5674] chdir("./214") = 0 [pid 5674] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5674] setpgid(0, 0) = 0 [pid 5674] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5674] write(3, "1000", 4) = 4 [pid 5674] close(3) = 0 [pid 5674] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5674] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5674] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5674] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5675]}, 88) = 5675 [pid 5674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5674] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5675 attached [pid 5675] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5675] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5675] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5675] memfd_create("syzkaller", 0) = 3 [pid 5675] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5675] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5675] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5675] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5675] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5675] close(3) = 0 [pid 5675] mkdir("./file0", 0777) = 0 [pid 5675] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5675] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5675] chdir("./file0") = 0 [pid 5675] ioctl(4, LOOP_CLR_FD) = 0 [pid 5675] close(4) = 0 [pid 5675] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5674] <... futex resumed>) = 0 [pid 5675] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5674] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5675] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5674] <... futex resumed>) = 0 [pid 5675] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5674] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... open resumed>) = 4 [pid 5675] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = 0 [pid 5674] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5675] <... futex resumed>) = 1 [pid 5675] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5675] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5674] <... futex resumed>) = 0 [pid 5674] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5674] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5674] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5674] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5676 attached [pid 5675] <... futex resumed>) = 1 [pid 5676] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5675] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5674] <... clone3 resumed> => {parent_tid=[5676]}, 88) = 5676 [pid 5676] <... rseq resumed>) = 0 [pid 5676] set_robust_list(0x7f3dc0d559a0, 24 [pid 5675] <... mmap resumed>) = 0x20000000 [pid 5674] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5674] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5674] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5676] <... set_robust_list resumed>) = 0 [pid 5675] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5675] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5676] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5676] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5674] <... futex resumed>) = ? [pid 5675] <... futex resumed>) = ? [pid 5675] +++ killed by SIGBUS +++ [pid 5676] +++ killed by SIGBUS +++ [pid 5674] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5674, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./214", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./214/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 96.796353][ T5675] loop0: detected capacity change from 0 to 2048 [ 96.822012][ T5675] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./214/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./214/binderfs") = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./214/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./214/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./214/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./214/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./214") = 0 mkdir("./215", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5677 ./strace-static-x86_64: Process 5677 attached [pid 5677] set_robust_list(0x5555562186a0, 24) = 0 [pid 5677] chdir("./215") = 0 [pid 5677] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5677] setpgid(0, 0) = 0 [pid 5677] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5677] write(3, "1000", 4) = 4 [pid 5677] close(3) = 0 [pid 5677] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5677] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5677] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5677] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5678 attached => {parent_tid=[5678]}, 88) = 5678 [pid 5678] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], [pid 5678] <... rseq resumed>) = 0 [pid 5678] set_robust_list(0x7f3dc90769a0, 24 [pid 5677] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5678] <... set_robust_list resumed>) = 0 [pid 5677] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] rt_sigprocmask(SIG_SETMASK, [], [pid 5677] <... futex resumed>) = 0 [pid 5677] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5678] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5678] memfd_create("syzkaller", 0) = 3 [pid 5678] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5678] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5678] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5678] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5678] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5678] close(3) = 0 [pid 5678] mkdir("./file0", 0777) = 0 [pid 5678] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5678] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5678] chdir("./file0") = 0 [pid 5678] ioctl(4, LOOP_CLR_FD) = 0 [pid 5678] close(4) = 0 [pid 5678] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5678] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = 0 [pid 5677] <... futex resumed>) = 1 [pid 5678] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5677] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] <... open resumed>) = 4 [pid 5678] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5678] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5677] <... futex resumed>) = 0 [pid 5678] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5677] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] <... open resumed>) = 5 [pid 5678] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5677] <... futex resumed>) = 0 [pid 5678] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5677] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5678] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5677] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5678] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5677] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5678] <... mmap resumed>) = 0x20000000 [pid 5677] <... mprotect resumed>) = 0 [pid 5677] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5677] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5679 attached => {parent_tid=[5679]}, 88) = 5679 [pid 5677] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5677] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5677] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5678] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5678] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5679] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5679] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5679] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5679] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5678] <... futex resumed>) = ? [pid 5677] <... futex resumed>) = ? [pid 5679] +++ killed by SIGBUS +++ [pid 5678] +++ killed by SIGBUS +++ [pid 5677] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5677, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./215", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./215/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./215/binderfs") = 0 [ 96.937365][ T5678] loop0: detected capacity change from 0 to 2048 [ 96.949667][ T5678] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./215/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./215/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./215/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./215/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./215") = 0 mkdir("./216", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5680 ./strace-static-x86_64: Process 5680 attached [pid 5680] set_robust_list(0x5555562186a0, 24) = 0 [pid 5680] chdir("./216") = 0 [pid 5680] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5680] setpgid(0, 0) = 0 [pid 5680] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5680] write(3, "1000", 4) = 4 [pid 5680] close(3) = 0 [pid 5680] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5680] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5680] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5680] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5681]}, 88) = 5681 [pid 5680] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5680] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5681 attached [pid 5681] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5681] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5681] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5681] memfd_create("syzkaller", 0) = 3 [pid 5681] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5681] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5681] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5681] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5681] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5681] close(3) = 0 [pid 5681] mkdir("./file0", 0777) = 0 [pid 5681] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5681] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5681] chdir("./file0") = 0 [pid 5681] ioctl(4, LOOP_CLR_FD) = 0 [pid 5681] close(4) = 0 [pid 5681] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] <... futex resumed>) = 0 [pid 5681] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5680] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] <... futex resumed>) = 0 [pid 5681] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5681] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5681] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5681] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5680] <... futex resumed>) = 0 [pid 5680] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5680] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5680] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5680] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5680] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5682 attached => {parent_tid=[5682]}, 88) = 5682 [pid 5682] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5680] rt_sigprocmask(SIG_SETMASK, [], [pid 5682] <... rseq resumed>) = 0 [pid 5680] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5682] set_robust_list(0x7f3dc0d559a0, 24 [pid 5681] <... futex resumed>) = 1 [pid 5680] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5682] <... set_robust_list resumed>) = 0 [pid 5681] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5680] <... futex resumed>) = 0 [pid 5682] rt_sigprocmask(SIG_SETMASK, [], [pid 5681] <... mmap resumed>) = 0x20000000 [pid 5680] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5682] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5681] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5682] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5681] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5680] <... futex resumed>) = ? [pid 5682] +++ killed by SIGBUS +++ [pid 5681] +++ killed by SIGBUS +++ [pid 5680] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5680, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./216", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./216/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./216/binderfs") = 0 [ 97.034620][ T5681] __do_sys_memfd_create: 35 callbacks suppressed [ 97.034638][ T5681] syz-executor183[5681]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.064118][ T5681] loop0: detected capacity change from 0 to 2048 [ 97.075549][ T5681] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./216/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./216/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./216/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./216/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./216") = 0 mkdir("./217", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5683 ./strace-static-x86_64: Process 5683 attached [pid 5683] set_robust_list(0x5555562186a0, 24) = 0 [pid 5683] chdir("./217") = 0 [pid 5683] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5683] setpgid(0, 0) = 0 [pid 5683] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5683] write(3, "1000", 4) = 4 [pid 5683] close(3) = 0 [pid 5683] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5683] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5683] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5683] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5684 attached [pid 5684] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5683] <... clone3 resumed> => {parent_tid=[5684]}, 88) = 5684 [pid 5684] <... rseq resumed>) = 0 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], [pid 5684] set_robust_list(0x7f3dc90769a0, 24 [pid 5683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5684] <... set_robust_list resumed>) = 0 [pid 5684] rt_sigprocmask(SIG_SETMASK, [], [pid 5683] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5684] memfd_create("syzkaller", 0) = 3 [pid 5684] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5684] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5684] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5684] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5684] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5684] close(3) = 0 [pid 5684] mkdir("./file0", 0777) = 0 [pid 5684] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5684] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5684] chdir("./file0") = 0 [pid 5684] ioctl(4, LOOP_CLR_FD) = 0 [pid 5684] close(4) = 0 [pid 5684] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5684] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] <... futex resumed>) = 0 [pid 5683] <... futex resumed>) = 1 [pid 5684] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5683] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] <... open resumed>) = 4 [pid 5684] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5683] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5684] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5684] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5683] <... futex resumed>) = 0 [pid 5684] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5684] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5683] <... futex resumed>) = 0 [pid 5684] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5683] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5683] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5683] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5684] <... mmap resumed>) = 0x20000000 [pid 5683] <... mprotect resumed>) = 0 [pid 5684] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5683] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5684] <... futex resumed>) = 0 [pid 5684] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5683] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5685 attached [pid 5685] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5683] <... clone3 resumed> => {parent_tid=[5685]}, 88) = 5685 [pid 5685] <... rseq resumed>) = 0 [pid 5683] rt_sigprocmask(SIG_SETMASK, [], [pid 5685] set_robust_list(0x7f3dc0d559a0, 24 [pid 5683] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5685] <... set_robust_list resumed>) = 0 [pid 5683] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5685] rt_sigprocmask(SIG_SETMASK, [], [pid 5683] <... futex resumed>) = 0 [pid 5685] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5683] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5685] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5683] <... futex resumed>) = ? [pid 5684] <... futex resumed>) = ? [pid 5684] +++ killed by SIGBUS +++ [pid 5685] +++ killed by SIGBUS +++ [pid 5683] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5683, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./217", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./217/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./217/binderfs") = 0 [ 97.143594][ T5684] syz-executor183[5684]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.168510][ T5684] loop0: detected capacity change from 0 to 2048 [ 97.181673][ T5684] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./217/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./217/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./217/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./217/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./217") = 0 mkdir("./218", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5686 ./strace-static-x86_64: Process 5686 attached [pid 5686] set_robust_list(0x5555562186a0, 24) = 0 [pid 5686] chdir("./218") = 0 [pid 5686] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5686] setpgid(0, 0) = 0 [pid 5686] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5686] write(3, "1000", 4) = 4 [pid 5686] close(3) = 0 [pid 5686] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5686] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5686] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5686] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5686] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5687 attached [pid 5687] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5686] <... clone3 resumed> => {parent_tid=[5687]}, 88) = 5687 [pid 5687] <... rseq resumed>) = 0 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], [pid 5687] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5686] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5687] rt_sigprocmask(SIG_SETMASK, [], [pid 5686] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5687] memfd_create("syzkaller", 0) = 3 [pid 5687] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5687] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5687] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5687] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5687] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5687] close(3) = 0 [pid 5687] mkdir("./file0", 0777) = 0 [pid 5687] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5687] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5687] chdir("./file0") = 0 [pid 5687] ioctl(4, LOOP_CLR_FD) = 0 [pid 5687] close(4) = 0 [pid 5687] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5687] <... futex resumed>) = 0 [pid 5686] <... futex resumed>) = 1 [pid 5687] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5686] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... open resumed>) = 4 [pid 5687] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5686] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5687] <... futex resumed>) = 0 [pid 5687] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5687] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... futex resumed>) = 0 [pid 5686] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5687] <... futex resumed>) = 0 [pid 5687] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5686] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5687] <... futex resumed>) = 0 [pid 5687] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5686] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5686] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5686] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5686] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5688 attached => {parent_tid=[5688]}, 88) = 5688 [pid 5688] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5686] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5688] <... rseq resumed>) = 0 [pid 5686] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5688] set_robust_list(0x7f3dc0d559a0, 24 [pid 5686] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5688] <... set_robust_list resumed>) = 0 [pid 5688] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5688] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5687] <... futex resumed>) = ? [pid 5686] <... futex resumed>) = ? [pid 5688] +++ killed by SIGBUS +++ [pid 5687] +++ killed by SIGBUS +++ [pid 5686] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5686, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./218", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./218/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./218/binderfs") = 0 [ 97.283674][ T5687] syz-executor183[5687]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.306834][ T5687] loop0: detected capacity change from 0 to 2048 [ 97.317727][ T5687] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./218/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./218/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./218/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./218/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./218") = 0 mkdir("./219", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5689 attached , child_tidptr=0x555556218690) = 5689 [pid 5689] set_robust_list(0x5555562186a0, 24) = 0 [pid 5689] chdir("./219") = 0 [pid 5689] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5689] setpgid(0, 0) = 0 [pid 5689] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5689] write(3, "1000", 4) = 4 [pid 5689] close(3) = 0 [pid 5689] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5689] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5689] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5689] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5689] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5690 attached => {parent_tid=[5690]}, 88) = 5690 [pid 5690] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], [pid 5690] set_robust_list(0x7f3dc90769a0, 24 [pid 5689] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5690] <... set_robust_list resumed>) = 0 [pid 5689] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5690] rt_sigprocmask(SIG_SETMASK, [], [pid 5689] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5690] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5690] memfd_create("syzkaller", 0) = 3 [pid 5690] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5690] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5690] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5690] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5690] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5690] close(3) = 0 [pid 5690] mkdir("./file0", 0777) = 0 [ 97.402480][ T5690] syz-executor183[5690]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.435734][ T5690] loop0: detected capacity change from 0 to 2048 [pid 5690] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5690] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5690] chdir("./file0") = 0 [pid 5690] ioctl(4, LOOP_CLR_FD) = 0 [pid 5690] close(4) = 0 [pid 5690] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5690] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5690] <... futex resumed>) = 0 [pid 5689] <... futex resumed>) = 1 [pid 5690] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5689] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] <... open resumed>) = 4 [pid 5690] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5690] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5689] <... futex resumed>) = 0 [pid 5689] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5689] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5690] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5689] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5690] <... mmap resumed>) = 0x20000000 [pid 5689] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5689] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5691]}, 88) = 5691 [pid 5689] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5691 attached NULL, 8) = 0 [pid 5689] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5689] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5690] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5691] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5691] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5691] rt_sigprocmask(SIG_SETMASK, [], [pid 5690] <... futex resumed>) = 0 [pid 5690] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5691] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5691] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5690] <... futex resumed>) = ? [pid 5691] +++ killed by SIGBUS +++ [pid 5690] +++ killed by SIGBUS +++ [pid 5689] <... futex resumed>) = ? [pid 5689] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5689, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./219", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./219/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./219/binderfs") = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./219/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./219/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./219/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./219/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./219") = 0 mkdir("./220", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5692 attached , child_tidptr=0x555556218690) = 5692 [pid 5692] set_robust_list(0x5555562186a0, 24) = 0 [pid 5692] chdir("./220") = 0 [ 97.446664][ T5690] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5692] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5692] setpgid(0, 0) = 0 [pid 5692] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5692] write(3, "1000", 4) = 4 [pid 5692] close(3) = 0 [pid 5692] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5692] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5692] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5692] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5693 attached [pid 5693] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5692] <... clone3 resumed> => {parent_tid=[5693]}, 88) = 5693 [pid 5693] <... rseq resumed>) = 0 [pid 5692] rt_sigprocmask(SIG_SETMASK, [], [pid 5693] set_robust_list(0x7f3dc90769a0, 24 [pid 5692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5693] <... set_robust_list resumed>) = 0 [pid 5692] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] rt_sigprocmask(SIG_SETMASK, [], [pid 5692] <... futex resumed>) = 0 [pid 5693] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5692] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5693] memfd_create("syzkaller", 0) = 3 [pid 5693] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5693] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5693] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5693] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5693] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5693] close(3) = 0 [pid 5693] mkdir("./file0", 0777) = 0 [pid 5693] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5693] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5693] chdir("./file0") = 0 [pid 5693] ioctl(4, LOOP_CLR_FD) = 0 [pid 5693] close(4) = 0 [pid 5693] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5693] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5693] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5692] <... futex resumed>) = 0 [pid 5693] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5692] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] <... open resumed>) = 4 [pid 5693] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5693] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5693] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5692] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5692] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5692] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5692] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5693] <... futex resumed>) = 1 ./strace-static-x86_64: Process 5694 attached [pid 5693] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5694] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5693] <... mmap resumed>) = 0x20000000 [pid 5692] <... clone3 resumed> => {parent_tid=[5694]}, 88) = 5694 [pid 5694] <... rseq resumed>) = 0 [pid 5694] set_robust_list(0x7f3dc0d559a0, 24 [pid 5692] rt_sigprocmask(SIG_SETMASK, [], [pid 5694] <... set_robust_list resumed>) = 0 [pid 5694] rt_sigprocmask(SIG_SETMASK, [], [pid 5692] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5694] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5694] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5692] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5694] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5692] <... futex resumed>) = 0 [pid 5692] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5694] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5692] <... futex resumed>) = ? [pid 5694] +++ killed by SIGBUS +++ [pid 5693] +++ killed by SIGBUS +++ [pid 5692] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5692, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./220", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./220/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 97.518298][ T5693] syz-executor183[5693]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.545851][ T5693] loop0: detected capacity change from 0 to 2048 [ 97.557338][ T5693] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./220/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./220/binderfs") = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./220/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./220/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./220/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./220/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./220") = 0 mkdir("./221", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5695 ./strace-static-x86_64: Process 5695 attached [pid 5695] set_robust_list(0x5555562186a0, 24) = 0 [pid 5695] chdir("./221") = 0 [pid 5695] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5695] setpgid(0, 0) = 0 [pid 5695] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5695] write(3, "1000", 4) = 4 [pid 5695] close(3) = 0 [pid 5695] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5695] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5695] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5695] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5696 attached => {parent_tid=[5696]}, 88) = 5696 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5695] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5696] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5696] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5696] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5696] memfd_create("syzkaller", 0) = 3 [pid 5696] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5696] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5696] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5696] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5696] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5696] close(3) = 0 [pid 5696] mkdir("./file0", 0777) = 0 [pid 5696] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5696] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5696] chdir("./file0") = 0 [pid 5696] ioctl(4, LOOP_CLR_FD) = 0 [pid 5696] close(4) = 0 [pid 5696] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5695] <... futex resumed>) = 0 [pid 5696] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5695] <... futex resumed>) = 0 [pid 5696] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5695] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... open resumed>) = 4 [pid 5696] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] <... futex resumed>) = 0 [pid 5695] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5696] <... futex resumed>) = 1 [pid 5696] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5696] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5695] <... futex resumed>) = 0 [pid 5695] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5696] <... futex resumed>) = 1 [pid 5696] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5695] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5695] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5696] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5696] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5695] <... mprotect resumed>) = 0 [pid 5695] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5695] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5697 attached => {parent_tid=[5697]}, 88) = 5697 [pid 5695] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5695] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5695] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5697] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5697] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5697] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5697] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5696] <... futex resumed>) = ? [pid 5696] +++ killed by SIGBUS +++ [pid 5695] <... futex resumed>) = ? [pid 5697] +++ killed by SIGBUS +++ [pid 5695] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5695, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./221", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./221/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./221/binderfs") = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./221/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./221/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./221/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 97.668210][ T5696] syz-executor183[5696]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.690327][ T5696] loop0: detected capacity change from 0 to 2048 [ 97.701070][ T5696] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./221/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./221") = 0 mkdir("./222", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5698 ./strace-static-x86_64: Process 5698 attached [pid 5698] set_robust_list(0x5555562186a0, 24) = 0 [pid 5698] chdir("./222") = 0 [pid 5698] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5698] setpgid(0, 0) = 0 [pid 5698] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5698] write(3, "1000", 4) = 4 [pid 5698] close(3) = 0 [pid 5698] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5698] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5698] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5698] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5698] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5699]}, 88) = 5699 ./strace-static-x86_64: Process 5699 attached [pid 5698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5698] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5699] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5699] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5699] memfd_create("syzkaller", 0) = 3 [pid 5699] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5699] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5699] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5699] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5699] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5699] close(3) = 0 [pid 5699] mkdir("./file0", 0777) = 0 [pid 5699] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5699] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5699] chdir("./file0") = 0 [pid 5699] ioctl(4, LOOP_CLR_FD) = 0 [pid 5699] close(4) = 0 [pid 5699] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5699] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5698] <... futex resumed>) = 0 [pid 5699] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5698] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... open resumed>) = 4 [pid 5699] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5698] <... futex resumed>) = 0 [pid 5699] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5699] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5698] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5699] <... open resumed>) = 5 [pid 5699] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5699] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5698] <... futex resumed>) = 0 [pid 5698] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5699] <... futex resumed>) = 0 [pid 5698] <... futex resumed>) = 1 [pid 5699] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5698] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5698] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5700 attached [pid 5700] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5698] <... clone3 resumed> => {parent_tid=[5700]}, 88) = 5700 [pid 5698] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5698] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5698] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5700] <... rseq resumed>) = 0 [pid 5700] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5700] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5700] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5699] <... futex resumed>) = ? [pid 5699] +++ killed by SIGBUS +++ [pid 5698] <... futex resumed>) = ? [pid 5700] +++ killed by SIGBUS +++ [pid 5698] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5698, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./222", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./222/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 97.791133][ T5699] syz-executor183[5699]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.815531][ T5699] loop0: detected capacity change from 0 to 2048 [ 97.827424][ T5699] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./222/binderfs") = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./222/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./222/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./222/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./222/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./222") = 0 mkdir("./223", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5701 ./strace-static-x86_64: Process 5701 attached [pid 5701] set_robust_list(0x5555562186a0, 24) = 0 [pid 5701] chdir("./223") = 0 [pid 5701] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5701] setpgid(0, 0) = 0 [pid 5701] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5701] write(3, "1000", 4) = 4 [pid 5701] close(3) = 0 [pid 5701] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5701] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5701] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5701] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5701] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5702]}, 88) = 5702 [pid 5701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5701] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5701] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5702 attached [pid 5702] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5702] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5702] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5702] memfd_create("syzkaller", 0) = 3 [pid 5702] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5702] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5702] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5702] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5702] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5702] close(3) = 0 [pid 5702] mkdir("./file0", 0777) = 0 [pid 5702] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5702] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5702] chdir("./file0") = 0 [pid 5702] ioctl(4, LOOP_CLR_FD) = 0 [pid 5702] close(4) = 0 [pid 5702] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] <... futex resumed>) = 0 [pid 5702] <... futex resumed>) = 1 [pid 5702] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] <... futex resumed>) = 0 [pid 5701] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5702] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5702] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5702] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] <... futex resumed>) = 0 [pid 5701] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5702] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5702] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5702] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] <... futex resumed>) = 1 [pid 5701] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5701] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... futex resumed>) = 0 [pid 5701] <... futex resumed>) = 1 [pid 5702] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5701] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5702] <... mmap resumed>) = 0x20000000 [pid 5701] <... futex resumed>) = 0 [pid 5702] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5701] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5702] <... futex resumed>) = 0 [pid 5701] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5702] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5701] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5701] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5701] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5703 attached => {parent_tid=[5703]}, 88) = 5703 [pid 5703] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5701] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5703] <... rseq resumed>) = 0 [pid 5703] set_robust_list(0x7f3dc0d559a0, 24 [pid 5701] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5701] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5703] <... set_robust_list resumed>) = 0 [pid 5703] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5703] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5702] <... futex resumed>) = ? [pid 5701] <... futex resumed>) = ? [pid 5702] +++ killed by SIGBUS +++ [pid 5703] +++ killed by SIGBUS +++ [pid 5701] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5701, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./223", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./223/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./223/binderfs") = 0 [ 97.928204][ T5702] syz-executor183[5702]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 97.949278][ T5702] loop0: detected capacity change from 0 to 2048 [ 97.961456][ T5702] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./223/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./223/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./223/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./223/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./223") = 0 mkdir("./224", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5704 ./strace-static-x86_64: Process 5704 attached [pid 5704] set_robust_list(0x5555562186a0, 24) = 0 [pid 5704] chdir("./224") = 0 [pid 5704] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5704] setpgid(0, 0) = 0 [pid 5704] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5704] write(3, "1000", 4) = 4 [pid 5704] close(3) = 0 [pid 5704] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5704] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5704] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5704] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5704] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5704] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5704] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5704] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5705 attached => {parent_tid=[5705]}, 88) = 5705 [pid 5705] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5704] rt_sigprocmask(SIG_SETMASK, [], [pid 5705] set_robust_list(0x7f3dc90769a0, 24 [pid 5704] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5705] <... set_robust_list resumed>) = 0 [pid 5704] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] rt_sigprocmask(SIG_SETMASK, [], [pid 5704] <... futex resumed>) = 0 [pid 5705] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5704] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5705] memfd_create("syzkaller", 0) = 3 [pid 5705] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5705] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5705] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5705] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5705] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5705] close(3) = 0 [pid 5705] mkdir("./file0", 0777) = 0 [pid 5705] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5705] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5705] chdir("./file0") = 0 [pid 5705] ioctl(4, LOOP_CLR_FD) = 0 [pid 5705] close(4) = 0 [pid 5705] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5705] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] <... futex resumed>) = 0 [pid 5705] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5704] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... open resumed>) = 4 [pid 5705] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5705] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] <... futex resumed>) = 0 [pid 5705] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5704] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] <... open resumed>) = 5 [pid 5705] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5704] <... futex resumed>) = 0 [pid 5705] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5704] <... futex resumed>) = 0 [pid 5705] <... futex resumed>) = 0 [pid 5705] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5704] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5705] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5704] <... futex resumed>) = 0 [pid 5704] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5705] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5704] <... futex resumed>) = ? [pid 5705] +++ killed by SIGBUS +++ [pid 5704] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5704, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./224", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./224/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./224/binderfs") = 0 [ 98.031488][ T5705] syz-executor183[5705]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 98.056255][ T5705] loop0: detected capacity change from 0 to 2048 [ 98.067605][ T5705] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./224/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./224/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./224/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./224/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./224") = 0 mkdir("./225", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5706 attached , child_tidptr=0x555556218690) = 5706 [pid 5706] set_robust_list(0x5555562186a0, 24) = 0 [pid 5706] chdir("./225") = 0 [pid 5706] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5706] setpgid(0, 0) = 0 [pid 5706] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5706] write(3, "1000", 4) = 4 [pid 5706] close(3) = 0 [pid 5706] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5706] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5706] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5706] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5706] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5706] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5706] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5707 attached => {parent_tid=[5707]}, 88) = 5707 [pid 5707] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5706] rt_sigprocmask(SIG_SETMASK, [], [pid 5707] <... rseq resumed>) = 0 [pid 5706] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5707] set_robust_list(0x7f3dc90769a0, 24 [pid 5706] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... set_robust_list resumed>) = 0 [pid 5706] <... futex resumed>) = 0 [pid 5707] rt_sigprocmask(SIG_SETMASK, [], [pid 5706] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5707] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5707] memfd_create("syzkaller", 0) = 3 [pid 5707] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5707] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5707] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5707] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5707] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5707] close(3) = 0 [pid 5707] mkdir("./file0", 0777) = 0 [pid 5707] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5707] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5707] chdir("./file0") = 0 [pid 5707] ioctl(4, LOOP_CLR_FD) = 0 [pid 5707] close(4) = 0 [pid 5707] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5707] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] <... futex resumed>) = 0 [pid 5706] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] <... futex resumed>) = 0 [pid 5706] <... futex resumed>) = 1 [pid 5707] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5706] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5706] <... futex resumed>) = 0 [pid 5706] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5707] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5707] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 5706] <... futex resumed>) = 1 [pid 5706] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5707] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5707] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5706] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5706] <... futex resumed>) = 0 [pid 5707] <... mmap resumed>) = 0x20000000 [pid 5706] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5707] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5706] <... futex resumed>) = 0 [pid 5707] <... futex resumed>) = 0 [pid 5706] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5707] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5706] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5706] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5706] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5708 attached => {parent_tid=[5708]}, 88) = 5708 [pid 5708] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5708] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5708] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5708] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5706] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5706] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5708] <... futex resumed>) = 0 [pid 5706] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5708] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5707] <... futex resumed>) = ? [pid 5706] <... futex resumed>) = ? [pid 5707] +++ killed by SIGBUS +++ [pid 5708] +++ killed by SIGBUS +++ [pid 5706] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5706, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./225", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./225/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./225/binderfs") = 0 [ 98.140396][ T5707] syz-executor183[5707]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 98.165898][ T5707] loop0: detected capacity change from 0 to 2048 [ 98.177286][ T5707] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./225/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./225/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./225/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./225/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./225") = 0 mkdir("./226", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5709 attached , child_tidptr=0x555556218690) = 5709 [pid 5709] set_robust_list(0x5555562186a0, 24) = 0 [pid 5709] chdir("./226") = 0 [pid 5709] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5709] setpgid(0, 0) = 0 [pid 5709] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5709] write(3, "1000", 4) = 4 [pid 5709] close(3) = 0 [pid 5709] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5709] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5709] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5709] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5709] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5710 attached => {parent_tid=[5710]}, 88) = 5710 [pid 5710] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5709] rt_sigprocmask(SIG_SETMASK, [], [pid 5710] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5710] rt_sigprocmask(SIG_SETMASK, [], [pid 5709] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5710] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5709] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] memfd_create("syzkaller", 0 [pid 5709] <... futex resumed>) = 0 [pid 5709] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5710] <... memfd_create resumed>) = 3 [pid 5710] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5710] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5710] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5710] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5710] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5710] close(3) = 0 [pid 5710] mkdir("./file0", 0777) = 0 [pid 5710] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5710] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5710] chdir("./file0") = 0 [pid 5710] ioctl(4, LOOP_CLR_FD) = 0 [pid 5710] close(4) = 0 [pid 5710] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5710] <... futex resumed>) = 1 [pid 5709] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5709] <... futex resumed>) = 0 [pid 5709] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... open resumed>) = 4 [pid 5710] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5709] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5710] <... futex resumed>) = 1 [pid 5710] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5710] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5709] <... futex resumed>) = 0 [pid 5709] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5710] <... futex resumed>) = 1 [pid 5709] <... futex resumed>) = 0 [pid 5710] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5709] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5709] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5709] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5711]}, 88) = 5711 [pid 5709] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5709] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5709] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5711 attached [pid 5711] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5711] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5711] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5711] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5709] <... futex resumed>) = ? [pid 5711] +++ killed by SIGBUS +++ [pid 5710] <... futex resumed>) = ? [pid 5710] +++ killed by SIGBUS +++ [pid 5709] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5709, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./226", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./226/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./226/binderfs") = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./226/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./226/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./226/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 98.266236][ T5710] loop0: detected capacity change from 0 to 2048 [ 98.277336][ T5710] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./226/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./226") = 0 mkdir("./227", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5712 attached , child_tidptr=0x555556218690) = 5712 [pid 5712] set_robust_list(0x5555562186a0, 24) = 0 [pid 5712] chdir("./227") = 0 [pid 5712] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5712] setpgid(0, 0) = 0 [pid 5712] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5712] write(3, "1000", 4) = 4 [pid 5712] close(3) = 0 [pid 5712] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5712] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5712] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5712] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5712] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5713 attached => {parent_tid=[5713]}, 88) = 5713 [pid 5713] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5712] rt_sigprocmask(SIG_SETMASK, [], [pid 5713] <... rseq resumed>) = 0 [pid 5713] set_robust_list(0x7f3dc90769a0, 24 [pid 5712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5713] <... set_robust_list resumed>) = 0 [pid 5712] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5712] <... futex resumed>) = 0 [pid 5713] memfd_create("syzkaller", 0 [pid 5712] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5713] <... memfd_create resumed>) = 3 [pid 5713] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5713] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5713] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5713] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5713] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5713] close(3) = 0 [pid 5713] mkdir("./file0", 0777) = 0 [pid 5713] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5713] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5713] chdir("./file0") = 0 [pid 5713] ioctl(4, LOOP_CLR_FD) = 0 [pid 5713] close(4) = 0 [pid 5713] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] <... futex resumed>) = 0 [pid 5712] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = 1 [pid 5712] <... futex resumed>) = 0 [pid 5713] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5712] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] <... open resumed>) = 4 [pid 5713] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5712] <... futex resumed>) = 0 [pid 5713] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5712] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5712] <... futex resumed>) = 0 [pid 5713] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5712] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5713] <... open resumed>) = 5 [pid 5713] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5712] <... futex resumed>) = 0 [pid 5713] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5712] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5712] <... futex resumed>) = 0 [pid 5713] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5712] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5713] <... mmap resumed>) = 0x20000000 [pid 5712] <... futex resumed>) = 0 [pid 5713] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5712] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5713] <... futex resumed>) = 0 [pid 5712] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5713] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5712] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5712] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5712] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5714 attached [pid 5714] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5712] <... clone3 resumed> => {parent_tid=[5714]}, 88) = 5714 [pid 5714] <... rseq resumed>) = 0 [pid 5712] rt_sigprocmask(SIG_SETMASK, [], [pid 5714] set_robust_list(0x7f3dc0d559a0, 24 [pid 5712] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5714] <... set_robust_list resumed>) = 0 [pid 5712] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5714] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5712] <... futex resumed>) = 0 [pid 5714] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5712] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5713] <... futex resumed>) = ? [pid 5713] +++ killed by SIGBUS +++ [pid 5714] +++ killed by SIGBUS +++ [pid 5712] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5712, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./227", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./227/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./227/binderfs") = 0 [ 98.362502][ T5713] loop0: detected capacity change from 0 to 2048 [ 98.376178][ T5713] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./227/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./227/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./227/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./227/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./227") = 0 mkdir("./228", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5715 attached [pid 5715] set_robust_list(0x5555562186a0, 24) = 0 [pid 5715] chdir("./228") = 0 [pid 5715] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5715] setpgid(0, 0) = 0 [pid 5715] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5715 [pid 5715] <... openat resumed>) = 3 [pid 5715] write(3, "1000", 4) = 4 [pid 5715] close(3) = 0 [pid 5715] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5715] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5715] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5715] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5715] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5715] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5716 attached [pid 5716] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5715] <... clone3 resumed> => {parent_tid=[5716]}, 88) = 5716 [pid 5716] <... rseq resumed>) = 0 [pid 5715] rt_sigprocmask(SIG_SETMASK, [], [pid 5716] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5715] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5715] <... futex resumed>) = 0 [pid 5715] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5716] memfd_create("syzkaller", 0) = 3 [pid 5716] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5716] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5716] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5716] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5716] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5716] close(3) = 0 [pid 5716] mkdir("./file0", 0777) = 0 [pid 5716] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5716] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5716] chdir("./file0") = 0 [pid 5716] ioctl(4, LOOP_CLR_FD) = 0 [pid 5716] close(4) = 0 [pid 5716] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5715] <... futex resumed>) = 0 [pid 5716] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5715] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = 0 [pid 5715] <... futex resumed>) = 1 [pid 5716] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5715] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5716] <... open resumed>) = 4 [pid 5716] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5715] <... futex resumed>) = 0 [pid 5716] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5715] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5716] <... futex resumed>) = 0 [pid 5715] <... futex resumed>) = 1 [pid 5715] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5716] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5716] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5715] <... futex resumed>) = 0 [pid 5716] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5715] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5716] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5716] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5715] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5715] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5716] <... mmap resumed>) = 0x20000000 [pid 5716] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5715] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5716] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5715] <... mprotect resumed>) = 0 [pid 5715] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5715] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5717 attached [pid 5717] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5715] <... clone3 resumed> => {parent_tid=[5717]}, 88) = 5717 [pid 5717] <... rseq resumed>) = 0 [pid 5717] set_robust_list(0x7f3dc0d559a0, 24 [pid 5715] rt_sigprocmask(SIG_SETMASK, [], [pid 5717] <... set_robust_list resumed>) = 0 [pid 5715] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5717] rt_sigprocmask(SIG_SETMASK, [], [pid 5715] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5717] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5715] <... futex resumed>) = 0 [pid 5717] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5715] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5716] <... futex resumed>) = ? [pid 5715] <... futex resumed>) = ? [pid 5717] +++ killed by SIGBUS +++ [pid 5716] +++ killed by SIGBUS +++ [pid 5715] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5715, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./228", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./228/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./228/binderfs") = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./228/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./228/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./228/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./228/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./228") = 0 mkdir("./229", 0777) = 0 [ 98.484017][ T5716] loop0: detected capacity change from 0 to 2048 [ 98.496737][ T5716] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5718 ./strace-static-x86_64: Process 5718 attached [pid 5718] set_robust_list(0x5555562186a0, 24) = 0 [pid 5718] chdir("./229") = 0 [pid 5718] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5718] setpgid(0, 0) = 0 [pid 5718] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5718] write(3, "1000", 4) = 4 [pid 5718] close(3) = 0 [pid 5718] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5718] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5718] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5718] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5719 attached [pid 5719] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5718] <... clone3 resumed> => {parent_tid=[5719]}, 88) = 5719 [pid 5719] <... rseq resumed>) = 0 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], [pid 5719] set_robust_list(0x7f3dc90769a0, 24 [pid 5718] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5719] <... set_robust_list resumed>) = 0 [pid 5719] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5719] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5719] <... futex resumed>) = 0 [pid 5719] memfd_create("syzkaller", 0 [pid 5718] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5719] <... memfd_create resumed>) = 3 [pid 5719] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5719] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5719] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5719] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5719] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5719] close(3) = 0 [pid 5719] mkdir("./file0", 0777) = 0 [pid 5719] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5719] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5719] chdir("./file0") = 0 [pid 5719] ioctl(4, LOOP_CLR_FD) = 0 [pid 5719] close(4) = 0 [pid 5719] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5719] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] <... futex resumed>) = 0 [pid 5719] <... futex resumed>) = 1 [pid 5718] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5718] <... futex resumed>) = 0 [pid 5718] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5719] <... open resumed>) = 5 [pid 5719] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5718] <... futex resumed>) = 0 [pid 5719] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5718] <... futex resumed>) = 0 [pid 5719] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5718] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5719] <... mmap resumed>) = 0x20000000 [pid 5718] <... futex resumed>) = 0 [pid 5718] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5719] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5718] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5719] <... futex resumed>) = 0 [pid 5718] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5719] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5718] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5718] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5720]}, 88) = 5720 [pid 5718] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5718] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5718] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5720 attached [pid 5720] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5720] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5720] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5720] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5719] <... futex resumed>) = ? [pid 5718] <... futex resumed>) = ? [pid 5720] +++ killed by SIGBUS +++ [pid 5719] +++ killed by SIGBUS +++ [ 98.589238][ T5719] loop0: detected capacity change from 0 to 2048 [ 98.604528][ T5719] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5718] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5718, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./229", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./229/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./229/binderfs") = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./229/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./229/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./229/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./229/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./229") = 0 mkdir("./230", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5721 ./strace-static-x86_64: Process 5721 attached [pid 5721] set_robust_list(0x5555562186a0, 24) = 0 [pid 5721] chdir("./230") = 0 [pid 5721] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5721] setpgid(0, 0) = 0 [pid 5721] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5721] write(3, "1000", 4) = 4 [pid 5721] close(3) = 0 [pid 5721] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5721] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5721] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5721] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5722 attached [pid 5722] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5721] <... clone3 resumed> => {parent_tid=[5722]}, 88) = 5722 [pid 5722] <... rseq resumed>) = 0 [pid 5721] rt_sigprocmask(SIG_SETMASK, [], [pid 5722] set_robust_list(0x7f3dc90769a0, 24 [pid 5721] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5722] <... set_robust_list resumed>) = 0 [pid 5721] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] rt_sigprocmask(SIG_SETMASK, [], [pid 5721] <... futex resumed>) = 0 [pid 5722] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5721] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5722] memfd_create("syzkaller", 0) = 3 [pid 5722] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5722] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5722] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5722] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5722] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5722] close(3) = 0 [pid 5722] mkdir("./file0", 0777) = 0 [pid 5722] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5722] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5722] chdir("./file0") = 0 [pid 5722] ioctl(4, LOOP_CLR_FD) = 0 [pid 5722] close(4) = 0 [pid 5722] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5721] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5721] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] <... futex resumed>) = 1 [pid 5722] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5722] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5721] <... futex resumed>) = 0 [pid 5722] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5721] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] <... futex resumed>) = 0 [pid 5721] <... futex resumed>) = 1 [pid 5722] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5721] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5722] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5721] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5721] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5722] <... futex resumed>) = 0 [pid 5721] <... futex resumed>) = 1 [pid 5722] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5722] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5721] <... futex resumed>) = 0 [pid 5722] <... futex resumed>) = 0 [pid 5722] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5721] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5721] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5721] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5721] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5723]}, 88) = 5723 [pid 5721] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5723 attached [pid 5723] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5723] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5723] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5723] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5721] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5723] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5721] <... futex resumed>) = 0 [pid 5723] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5721] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5722] <... futex resumed>) = ? [pid 5721] <... futex resumed>) = ? [pid 5723] +++ killed by SIGBUS +++ [pid 5722] +++ killed by SIGBUS +++ [pid 5721] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5721, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./230", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./230/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./230/binderfs") = 0 [ 98.713435][ T5722] loop0: detected capacity change from 0 to 2048 [ 98.723883][ T5722] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./230/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./230/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./230/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./230/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./230") = 0 mkdir("./231", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5724 attached , child_tidptr=0x555556218690) = 5724 [pid 5724] set_robust_list(0x5555562186a0, 24) = 0 [pid 5724] chdir("./231") = 0 [pid 5724] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5724] setpgid(0, 0) = 0 [pid 5724] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5724] write(3, "1000", 4) = 4 [pid 5724] close(3) = 0 [pid 5724] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5724] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5724] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5724] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5724] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5725]}, 88) = 5725 [pid 5724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5724] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5725 attached [pid 5725] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5725] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5725] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5725] memfd_create("syzkaller", 0) = 3 [pid 5725] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5725] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5725] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5725] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5725] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5725] close(3) = 0 [pid 5725] mkdir("./file0", 0777) = 0 [pid 5725] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5725] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5725] chdir("./file0") = 0 [pid 5725] ioctl(4, LOOP_CLR_FD) = 0 [pid 5725] close(4) = 0 [pid 5725] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5724] <... futex resumed>) = 0 [pid 5725] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5724] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... open resumed>) = 4 [pid 5725] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5725] <... futex resumed>) = 1 [pid 5724] <... futex resumed>) = 0 [pid 5725] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5724] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5725] <... open resumed>) = 5 [pid 5725] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5724] <... futex resumed>) = 0 [pid 5724] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] <... futex resumed>) = 1 [pid 5725] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5724] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5725] <... mmap resumed>) = 0x20000000 [pid 5724] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5724] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5725] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5725] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5724] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5724] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5726]}, 88) = 5726 [pid 5724] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5724] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5724] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5726 attached [pid 5726] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5726] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5726] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5726] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5725] <... futex resumed>) = ? [pid 5724] <... futex resumed>) = ? [pid 5725] +++ killed by SIGBUS +++ [pid 5726] +++ killed by SIGBUS +++ [pid 5724] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5724, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./231", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./231/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./231/binderfs") = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./231/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./231/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./231/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./231/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./231") = 0 mkdir("./232", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5727 attached , child_tidptr=0x555556218690) = 5727 [pid 5727] set_robust_list(0x5555562186a0, 24) = 0 [pid 5727] chdir("./232") = 0 [pid 5727] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5727] setpgid(0, 0) = 0 [pid 5727] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5727] write(3, "1000", 4) = 4 [pid 5727] close(3) = 0 [pid 5727] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5727] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 98.815501][ T5725] loop0: detected capacity change from 0 to 2048 [ 98.826438][ T5725] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5727] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5727] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5727] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5727] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5728 attached => {parent_tid=[5728]}, 88) = 5728 [pid 5728] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5727] rt_sigprocmask(SIG_SETMASK, [], [pid 5728] <... rseq resumed>) = 0 [pid 5728] set_robust_list(0x7f3dc90769a0, 24 [pid 5727] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5728] <... set_robust_list resumed>) = 0 [pid 5727] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] rt_sigprocmask(SIG_SETMASK, [], [pid 5727] <... futex resumed>) = 0 [pid 5728] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5727] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5728] memfd_create("syzkaller", 0) = 3 [pid 5728] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5728] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5728] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5728] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5728] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5728] close(3) = 0 [pid 5728] mkdir("./file0", 0777) = 0 [pid 5728] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5728] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5728] chdir("./file0") = 0 [pid 5728] ioctl(4, LOOP_CLR_FD) = 0 [pid 5728] close(4) = 0 [pid 5728] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5727] <... futex resumed>) = 0 [pid 5727] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5727] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5728] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5728] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] <... futex resumed>) = 0 [pid 5727] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 0 [pid 5727] <... futex resumed>) = 1 [pid 5728] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5727] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... open resumed>) = 5 [pid 5728] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5727] <... futex resumed>) = 0 [pid 5728] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5728] <... futex resumed>) = 0 [pid 5727] <... futex resumed>) = 1 [pid 5728] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5727] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5727] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5728] <... mmap resumed>) = 0x20000000 [pid 5728] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5727] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5728] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5727] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5727] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5729 attached [pid 5729] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5729] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5729] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5727] <... clone3 resumed> => {parent_tid=[5729]}, 88) = 5729 [pid 5729] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5727] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5727] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5729] <... futex resumed>) = 0 [pid 5727] <... futex resumed>) = 1 [pid 5729] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5727] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5728] <... futex resumed>) = ? [pid 5727] <... futex resumed>) = ? [pid 5728] +++ killed by SIGBUS +++ [pid 5729] +++ killed by SIGBUS +++ [pid 5727] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5727, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./232", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./232/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 98.900167][ T5728] loop0: detected capacity change from 0 to 2048 [ 98.911679][ T5728] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./232/binderfs") = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./232/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./232/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./232/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./232/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./232") = 0 mkdir("./233", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5730 attached , child_tidptr=0x555556218690) = 5730 [pid 5730] set_robust_list(0x5555562186a0, 24) = 0 [pid 5730] chdir("./233") = 0 [pid 5730] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5730] setpgid(0, 0) = 0 [pid 5730] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5730] write(3, "1000", 4) = 4 [pid 5730] close(3) = 0 [pid 5730] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5730] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5730] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5730] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5731]}, 88) = 5731 [pid 5730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5730] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5731 attached [pid 5731] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5731] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5731] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5731] memfd_create("syzkaller", 0) = 3 [pid 5731] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5731] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5731] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5731] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5731] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5731] close(3) = 0 [pid 5731] mkdir("./file0", 0777) = 0 [pid 5731] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5731] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5731] chdir("./file0") = 0 [pid 5731] ioctl(4, LOOP_CLR_FD) = 0 [pid 5731] close(4) = 0 [pid 5731] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5731] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5730] <... futex resumed>) = 0 [pid 5730] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5731] <... futex resumed>) = 0 [pid 5730] <... futex resumed>) = 1 [pid 5731] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5730] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5731] <... open resumed>) = 4 [pid 5731] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5730] <... futex resumed>) = 0 [pid 5730] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5731] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5731] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5730] <... futex resumed>) = 0 [pid 5730] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5730] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5730] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5730] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5730] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5732]}, 88) = 5732 [pid 5730] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5732 attached [pid 5730] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5732] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5730] <... futex resumed>) = 0 [pid 5732] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5730] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5731] <... futex resumed>) = 1 [pid 5732] rt_sigprocmask(SIG_SETMASK, [], [pid 5731] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5732] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5731] <... mmap resumed>) = 0x20000000 [pid 5732] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5730] <... futex resumed>) = ? [pid 5731] +++ killed by SIGBUS +++ [pid 5732] +++ killed by SIGBUS +++ [pid 5730] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5730, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./233", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./233/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./233/binderfs") = 0 [ 99.023983][ T5731] loop0: detected capacity change from 0 to 2048 [ 99.035532][ T5731] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./233/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./233/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./233/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./233/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./233") = 0 mkdir("./234", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5733 ./strace-static-x86_64: Process 5733 attached [pid 5733] set_robust_list(0x5555562186a0, 24) = 0 [pid 5733] chdir("./234") = 0 [pid 5733] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5733] setpgid(0, 0) = 0 [pid 5733] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5733] write(3, "1000", 4) = 4 [pid 5733] close(3) = 0 [pid 5733] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5733] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5733] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5733] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5734 attached [pid 5734] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5734] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5734] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5734] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] <... clone3 resumed> => {parent_tid=[5734]}, 88) = 5734 [pid 5733] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5733] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5734] <... futex resumed>) = 0 [pid 5733] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5734] memfd_create("syzkaller", 0) = 3 [pid 5734] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5734] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5734] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5734] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5734] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5734] close(3) = 0 [pid 5734] mkdir("./file0", 0777) = 0 [pid 5734] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5734] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5734] chdir("./file0") = 0 [pid 5734] ioctl(4, LOOP_CLR_FD) = 0 [pid 5734] close(4) = 0 [pid 5734] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5734] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5733] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... open resumed>) = 4 [pid 5734] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5733] <... futex resumed>) = 0 [pid 5734] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5733] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... open resumed>) = 5 [pid 5734] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5733] <... futex resumed>) = 0 [pid 5734] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5734] <... futex resumed>) = 0 [pid 5733] <... futex resumed>) = 1 [pid 5734] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5733] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5734] <... mmap resumed>) = 0x20000000 [pid 5733] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5734] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5733] <... mprotect resumed>) = 0 [pid 5734] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5733] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5733] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5735 attached [pid 5735] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5733] <... clone3 resumed> => {parent_tid=[5735]}, 88) = 5735 [pid 5735] <... rseq resumed>) = 0 [pid 5733] rt_sigprocmask(SIG_SETMASK, [], [pid 5735] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5733] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5735] rt_sigprocmask(SIG_SETMASK, [], [pid 5733] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5735] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5735] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5733] <... futex resumed>) = 0 [pid 5733] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5734] <... futex resumed>) = ? [pid 5735] +++ killed by SIGBUS +++ [pid 5734] +++ killed by SIGBUS +++ [pid 5733] <... futex resumed>) = ? [pid 5733] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5733, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./234", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./234/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./234/binderfs") = 0 [ 99.133651][ T5734] loop0: detected capacity change from 0 to 2048 [ 99.145544][ T5734] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./234/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./234/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./234/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./234/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./234") = 0 mkdir("./235", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5736 ./strace-static-x86_64: Process 5736 attached [pid 5736] set_robust_list(0x5555562186a0, 24) = 0 [pid 5736] chdir("./235") = 0 [pid 5736] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5736] setpgid(0, 0) = 0 [pid 5736] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5736] write(3, "1000", 4) = 4 [pid 5736] close(3) = 0 [pid 5736] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5736] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5736] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5736] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5737 attached => {parent_tid=[5737]}, 88) = 5737 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5736] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5737] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5737] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5737] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5737] memfd_create("syzkaller", 0) = 3 [pid 5737] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5737] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5737] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5737] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5737] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5737] close(3) = 0 [pid 5737] mkdir("./file0", 0777) = 0 [pid 5737] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5737] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5737] chdir("./file0") = 0 [pid 5737] ioctl(4, LOOP_CLR_FD) = 0 [pid 5737] close(4) = 0 [pid 5737] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5737] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] <... futex resumed>) = 0 [pid 5736] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = 0 [pid 5737] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5736] <... futex resumed>) = 1 [pid 5736] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] <... open resumed>) = 4 [pid 5737] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5737] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] <... futex resumed>) = 0 [pid 5736] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5737] <... futex resumed>) = 0 [pid 5736] <... futex resumed>) = 1 [pid 5737] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5736] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5737] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5736] <... futex resumed>) = 0 [pid 5737] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5736] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5737] <... mmap resumed>) = 0x20000000 [pid 5737] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5737] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5736] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5736] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5736] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5736] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5738 attached => {parent_tid=[5738]}, 88) = 5738 [pid 5736] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5736] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5736] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5738] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5738] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5738] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5738] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5737] <... futex resumed>) = ? [pid 5737] +++ killed by SIGBUS +++ [pid 5736] <... futex resumed>) = ? [pid 5738] +++ killed by SIGBUS +++ [pid 5736] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5736, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./235", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./235/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./235/binderfs") = 0 [ 99.233265][ T5737] loop0: detected capacity change from 0 to 2048 [ 99.245238][ T5737] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./235/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./235/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./235/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./235/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./235") = 0 mkdir("./236", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5739 attached , child_tidptr=0x555556218690) = 5739 [pid 5739] set_robust_list(0x5555562186a0, 24) = 0 [pid 5739] chdir("./236") = 0 [pid 5739] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5739] setpgid(0, 0) = 0 [pid 5739] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5739] write(3, "1000", 4) = 4 [pid 5739] close(3) = 0 [pid 5739] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5739] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5739] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5739] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5740 attached [pid 5740] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5739] <... clone3 resumed> => {parent_tid=[5740]}, 88) = 5740 [pid 5740] <... rseq resumed>) = 0 [pid 5739] rt_sigprocmask(SIG_SETMASK, [], [pid 5740] set_robust_list(0x7f3dc90769a0, 24 [pid 5739] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5740] <... set_robust_list resumed>) = 0 [pid 5739] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5739] <... futex resumed>) = 0 [pid 5740] memfd_create("syzkaller", 0 [pid 5739] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5740] <... memfd_create resumed>) = 3 [pid 5740] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5740] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5740] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5740] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5740] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5740] close(3) = 0 [pid 5740] mkdir("./file0", 0777) = 0 [pid 5740] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5740] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5740] chdir("./file0") = 0 [pid 5740] ioctl(4, LOOP_CLR_FD) = 0 [pid 5740] close(4) = 0 [pid 5740] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5740] <... futex resumed>) = 1 [pid 5739] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5739] <... futex resumed>) = 0 [pid 5739] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5740] <... open resumed>) = 4 [pid 5740] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5739] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... futex resumed>) = 1 [pid 5739] <... futex resumed>) = 0 [pid 5740] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5739] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5740] <... open resumed>) = 5 [pid 5740] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5739] <... futex resumed>) = 0 [pid 5740] <... futex resumed>) = 1 [pid 5740] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5739] <... futex resumed>) = 0 [pid 5739] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5740] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5739] <... futex resumed>) = 0 [pid 5740] <... mmap resumed>) = 0x20000000 [pid 5739] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5739] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5740] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5740] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5739] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5739] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5741]}, 88) = 5741 [pid 5739] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5739] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5739] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5741 attached [pid 5741] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5741] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5741] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5741] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5740] <... futex resumed>) = ? [pid 5741] +++ killed by SIGBUS +++ [pid 5740] +++ killed by SIGBUS +++ [pid 5739] <... futex resumed>) = ? [pid 5739] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5739, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./236", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./236/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./236/binderfs") = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./236/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./236/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./236/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./236/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./236") = 0 mkdir("./237", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5742 ./strace-static-x86_64: Process 5742 attached [pid 5742] set_robust_list(0x5555562186a0, 24) = 0 [pid 5742] chdir("./237") = 0 [pid 5742] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5742] setpgid(0, 0) = 0 [pid 5742] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5742] write(3, "1000", 4) = 4 [pid 5742] close(3) = 0 [pid 5742] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5742] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5742] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5742] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5743]}, 88) = 5743 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5742] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5743 attached [pid 5743] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5743] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5743] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5743] memfd_create("syzkaller", 0) = 3 [ 99.334785][ T5740] loop0: detected capacity change from 0 to 2048 [ 99.356330][ T5740] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5743] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5743] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5743] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5743] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5743] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5743] close(3) = 0 [pid 5743] mkdir("./file0", 0777) = 0 [pid 5743] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5743] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5743] chdir("./file0") = 0 [pid 5743] ioctl(4, LOOP_CLR_FD) = 0 [pid 5743] close(4) = 0 [pid 5743] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5742] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5742] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] <... open resumed>) = 4 [pid 5743] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5743] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5742] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] <... open resumed>) = 5 [pid 5742] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5743] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5742] <... futex resumed>) = 0 [pid 5742] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5743] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5742] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5743] <... mmap resumed>) = 0x20000000 [pid 5742] <... futex resumed>) = 0 [pid 5743] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5742] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5743] <... futex resumed>) = 0 [pid 5743] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5742] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5742] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5742] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5742] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5744 attached [pid 5744] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5742] <... clone3 resumed> => {parent_tid=[5744]}, 88) = 5744 [pid 5744] <... rseq resumed>) = 0 [pid 5742] rt_sigprocmask(SIG_SETMASK, [], [pid 5744] set_robust_list(0x7f3dc0d559a0, 24 [pid 5742] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5744] <... set_robust_list resumed>) = 0 [pid 5742] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5744] rt_sigprocmask(SIG_SETMASK, [], [pid 5742] <... futex resumed>) = 0 [pid 5744] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5742] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5744] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5742] <... futex resumed>) = ? [pid 5743] <... futex resumed>) = ? [pid 5744] +++ killed by SIGBUS +++ [pid 5743] +++ killed by SIGBUS +++ [pid 5742] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5742, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./237", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./237/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./237/binderfs") = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./237/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./237/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./237/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./237/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./237") = 0 mkdir("./238", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5745 attached , child_tidptr=0x555556218690) = 5745 [pid 5745] set_robust_list(0x5555562186a0, 24) = 0 [pid 5745] chdir("./238") = 0 [pid 5745] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [ 99.438671][ T5743] loop0: detected capacity change from 0 to 2048 [ 99.451041][ T5743] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5745] setpgid(0, 0) = 0 [pid 5745] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5745] write(3, "1000", 4) = 4 [pid 5745] close(3) = 0 [pid 5745] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5745] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5745] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5745] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5745] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5746 attached => {parent_tid=[5746]}, 88) = 5746 [pid 5746] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5745] rt_sigprocmask(SIG_SETMASK, [], [pid 5746] set_robust_list(0x7f3dc90769a0, 24 [pid 5745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5746] <... set_robust_list resumed>) = 0 [pid 5745] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5745] <... futex resumed>) = 0 [pid 5746] memfd_create("syzkaller", 0 [pid 5745] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5746] <... memfd_create resumed>) = 3 [pid 5746] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5746] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5746] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5746] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5746] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5746] close(3) = 0 [pid 5746] mkdir("./file0", 0777) = 0 [pid 5746] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5746] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5746] chdir("./file0") = 0 [pid 5746] ioctl(4, LOOP_CLR_FD) = 0 [pid 5746] close(4) = 0 [pid 5746] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] <... futex resumed>) = 1 [pid 5745] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5746] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = 0 [pid 5746] <... futex resumed>) = 1 [pid 5746] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5745] <... futex resumed>) = 0 [pid 5746] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5745] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5746] <... open resumed>) = 5 [pid 5746] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5745] <... futex resumed>) = 0 [pid 5745] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5746] <... futex resumed>) = 1 [pid 5745] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5746] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5745] <... futex resumed>) = 0 [pid 5745] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5746] <... mmap resumed>) = 0x20000000 [pid 5746] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5745] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5746] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5745] <... mprotect resumed>) = 0 [pid 5745] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5745] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5747 attached => {parent_tid=[5747]}, 88) = 5747 [pid 5747] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5745] rt_sigprocmask(SIG_SETMASK, [], [pid 5747] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5745] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5747] rt_sigprocmask(SIG_SETMASK, [], [pid 5745] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5747] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5745] <... futex resumed>) = 0 [pid 5747] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5745] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5746] <... futex resumed>) = ? [pid 5746] +++ killed by SIGBUS +++ [pid 5747] +++ killed by SIGBUS +++ [pid 5745] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5745, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./238", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./238/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./238/binderfs") = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./238/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 99.522256][ T5746] loop0: detected capacity change from 0 to 2048 [ 99.537612][ T5746] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./238/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./238/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./238/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./238") = 0 mkdir("./239", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5748 attached , child_tidptr=0x555556218690) = 5748 [pid 5748] set_robust_list(0x5555562186a0, 24) = 0 [pid 5748] chdir("./239") = 0 [pid 5748] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5748] setpgid(0, 0) = 0 [pid 5748] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5748] write(3, "1000", 4) = 4 [pid 5748] close(3) = 0 [pid 5748] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5748] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5748] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5748] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5748] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5749]}, 88) = 5749 ./strace-static-x86_64: Process 5749 attached [pid 5748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5748] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5749] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5749] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5749] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5749] memfd_create("syzkaller", 0) = 3 [pid 5749] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5749] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5749] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5749] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5749] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5749] close(3) = 0 [pid 5749] mkdir("./file0", 0777) = 0 [pid 5749] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5749] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5749] chdir("./file0") = 0 [pid 5749] ioctl(4, LOOP_CLR_FD) = 0 [pid 5749] close(4) = 0 [pid 5749] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5749] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5748] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... futex resumed>) = 0 [pid 5749] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5749] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5749] <... futex resumed>) = 1 [pid 5749] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5749] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5748] <... futex resumed>) = 0 [pid 5748] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5749] <... futex resumed>) = 1 [pid 5748] <... futex resumed>) = 0 [pid 5749] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5748] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5748] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5750 attached => {parent_tid=[5750]}, 88) = 5750 [pid 5748] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5748] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5748] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5750] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5750] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5750] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5750] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5748] <... futex resumed>) = ? [pid 5749] <... futex resumed>) = ? [pid 5749] +++ killed by SIGBUS +++ [pid 5750] +++ killed by SIGBUS +++ [pid 5748] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5748, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./239", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./239/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./239/binderfs") = 0 [ 99.621568][ T5749] loop0: detected capacity change from 0 to 2048 [ 99.632979][ T5749] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./239/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./239/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./239/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./239/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./239") = 0 mkdir("./240", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5751 ./strace-static-x86_64: Process 5751 attached [pid 5751] set_robust_list(0x5555562186a0, 24) = 0 [pid 5751] chdir("./240") = 0 [pid 5751] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5751] setpgid(0, 0) = 0 [pid 5751] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5751] write(3, "1000", 4) = 4 [pid 5751] close(3) = 0 [pid 5751] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5751] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5751] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5751] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5752]}, 88) = 5752 ./strace-static-x86_64: Process 5752 attached [pid 5752] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5751] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5752] <... rseq resumed>) = 0 [pid 5752] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5752] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5752] memfd_create("syzkaller", 0) = 3 [pid 5752] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5752] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5752] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5752] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5752] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5752] close(3) = 0 [pid 5752] mkdir("./file0", 0777) = 0 [pid 5752] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5752] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5752] chdir("./file0") = 0 [pid 5752] ioctl(4, LOOP_CLR_FD) = 0 [pid 5752] close(4) = 0 [pid 5752] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] <... futex resumed>) = 0 [pid 5752] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5751] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] <... open resumed>) = 4 [pid 5752] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] <... futex resumed>) = 0 [pid 5751] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5752] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5751] <... futex resumed>) = 0 [pid 5752] <... open resumed>) = 5 [pid 5751] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5752] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5751] <... futex resumed>) = 0 [pid 5752] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5751] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5752] <... mmap resumed>) = 0x20000000 [pid 5751] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5752] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5751] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5752] <... futex resumed>) = 0 [pid 5752] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5751] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5751] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5751] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5753]}, 88) = 5753 [pid 5751] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5753 attached NULL, 8) = 0 [pid 5751] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5751] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5753] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5753] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5753] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5753] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5751] <... futex resumed>) = ? [pid 5752] <... futex resumed>) = ? [pid 5752] +++ killed by SIGBUS +++ [pid 5753] +++ killed by SIGBUS +++ [pid 5751] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5751, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./240", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./240/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./240/binderfs") = 0 [ 99.742365][ T5752] loop0: detected capacity change from 0 to 2048 [ 99.755400][ T5752] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./240/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./240/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./240/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./240/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./240") = 0 mkdir("./241", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5754 attached [pid 5754] set_robust_list(0x5555562186a0, 24) = 0 [pid 5754] chdir("./241") = 0 [pid 5754] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5754] setpgid(0, 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5754 [pid 5754] <... setpgid resumed>) = 0 [pid 5754] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5754] write(3, "1000", 4) = 4 [pid 5754] close(3) = 0 [pid 5754] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5754] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5754] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5754] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5755 attached [pid 5755] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5754] <... clone3 resumed> => {parent_tid=[5755]}, 88) = 5755 [pid 5755] <... rseq resumed>) = 0 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], [pid 5755] set_robust_list(0x7f3dc90769a0, 24 [pid 5754] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5755] <... set_robust_list resumed>) = 0 [pid 5754] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5754] <... futex resumed>) = 0 [pid 5755] memfd_create("syzkaller", 0 [pid 5754] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5755] <... memfd_create resumed>) = 3 [pid 5755] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5755] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5755] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5755] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5755] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5755] close(3) = 0 [pid 5755] mkdir("./file0", 0777) = 0 [pid 5755] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5755] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5755] chdir("./file0") = 0 [pid 5755] ioctl(4, LOOP_CLR_FD) = 0 [pid 5755] close(4) = 0 [pid 5755] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5754] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... open resumed>) = 4 [pid 5755] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5754] <... futex resumed>) = 0 [pid 5755] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] <... futex resumed>) = 0 [pid 5754] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5755] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5755] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... futex resumed>) = 0 [pid 5754] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5755] <... futex resumed>) = 0 [pid 5755] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5754] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5754] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5755] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5755] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5754] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5754] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5756 attached [pid 5756] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5756] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5756] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5756] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5754] <... clone3 resumed> => {parent_tid=[5756]}, 88) = 5756 [pid 5754] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5754] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5756] <... futex resumed>) = 0 [pid 5754] <... futex resumed>) = 1 [pid 5756] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5754] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5755] <... futex resumed>) = ? [pid 5754] <... futex resumed>) = ? [pid 5756] +++ killed by SIGBUS +++ [pid 5755] +++ killed by SIGBUS +++ [pid 5754] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5754, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./241", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./241/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./241/binderfs") = 0 [ 99.837174][ T5755] loop0: detected capacity change from 0 to 2048 [ 99.852756][ T5755] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./241/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./241/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./241/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./241/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./241") = 0 mkdir("./242", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5757 attached , child_tidptr=0x555556218690) = 5757 [pid 5757] set_robust_list(0x5555562186a0, 24) = 0 [pid 5757] chdir("./242") = 0 [pid 5757] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5757] setpgid(0, 0) = 0 [pid 5757] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5757] write(3, "1000", 4) = 4 [pid 5757] close(3) = 0 [pid 5757] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5757] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5757] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5757] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5758 attached [pid 5758] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5757] <... clone3 resumed> => {parent_tid=[5758]}, 88) = 5758 [pid 5758] <... rseq resumed>) = 0 [pid 5757] rt_sigprocmask(SIG_SETMASK, [], [pid 5758] set_robust_list(0x7f3dc90769a0, 24 [pid 5757] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5758] <... set_robust_list resumed>) = 0 [pid 5757] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] rt_sigprocmask(SIG_SETMASK, [], [pid 5757] <... futex resumed>) = 0 [pid 5758] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5757] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5758] memfd_create("syzkaller", 0) = 3 [pid 5758] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5758] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5758] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5758] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5758] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5758] close(3) = 0 [pid 5758] mkdir("./file0", 0777) = 0 [pid 5758] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5758] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5758] chdir("./file0") = 0 [pid 5758] ioctl(4, LOOP_CLR_FD) = 0 [pid 5758] close(4) = 0 [pid 5758] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5758] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] <... futex resumed>) = 0 [pid 5757] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = 0 [pid 5758] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5757] <... futex resumed>) = 1 [pid 5757] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... open resumed>) = 4 [pid 5758] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5758] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] <... futex resumed>) = 0 [pid 5757] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... futex resumed>) = 0 [pid 5757] <... futex resumed>) = 1 [pid 5758] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5758] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5757] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5758] <... futex resumed>) = 0 [pid 5757] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5758] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5757] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5758] <... mmap resumed>) = 0x20000000 [pid 5757] <... futex resumed>) = 0 [pid 5757] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5757] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5758] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5758] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5757] <... mprotect resumed>) = 0 [pid 5757] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5757] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5759 attached => {parent_tid=[5759]}, 88) = 5759 [pid 5757] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5757] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5757] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5759] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5759] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5759] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5759] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5758] <... futex resumed>) = ? [pid 5759] +++ killed by SIGBUS +++ [pid 5758] +++ killed by SIGBUS +++ [pid 5757] <... futex resumed>) = ? [pid 5757] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5757, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./242", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./242/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./242/binderfs") = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./242/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./242/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./242/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./242/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./242") = 0 [ 99.935146][ T5758] loop0: detected capacity change from 0 to 2048 [ 99.948077][ T5758] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./243", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5760 attached , child_tidptr=0x555556218690) = 5760 [pid 5760] set_robust_list(0x5555562186a0, 24) = 0 [pid 5760] chdir("./243") = 0 [pid 5760] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5760] setpgid(0, 0) = 0 [pid 5760] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5760] write(3, "1000", 4) = 4 [pid 5760] close(3) = 0 [pid 5760] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5760] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5760] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5760] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5760] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5761 attached [pid 5761] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5760] <... clone3 resumed> => {parent_tid=[5761]}, 88) = 5761 [pid 5761] <... rseq resumed>) = 0 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], [pid 5761] set_robust_list(0x7f3dc90769a0, 24 [pid 5760] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5761] <... set_robust_list resumed>) = 0 [pid 5760] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5760] <... futex resumed>) = 0 [pid 5761] memfd_create("syzkaller", 0 [pid 5760] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5761] <... memfd_create resumed>) = 3 [pid 5761] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5761] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5761] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5761] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5761] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5761] close(3) = 0 [pid 5761] mkdir("./file0", 0777) = 0 [pid 5761] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5761] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5761] chdir("./file0") = 0 [pid 5761] ioctl(4, LOOP_CLR_FD) = 0 [pid 5761] close(4) = 0 [pid 5761] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5761] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5760] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] <... open resumed>) = 4 [pid 5761] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5761] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 0 [pid 5760] <... futex resumed>) = 1 [pid 5761] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5760] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5761] <... open resumed>) = 5 [pid 5761] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] <... futex resumed>) = 1 [pid 5760] <... futex resumed>) = 0 [pid 5760] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5761] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5760] <... futex resumed>) = 0 [pid 5761] <... mmap resumed>) = 0x20000000 [pid 5760] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5760] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5761] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5761] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5760] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5760] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5762]}, 88) = 5762 [pid 5760] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5760] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5762 attached ) = 0 [pid 5762] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5760] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5762] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5762] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5762] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5761] <... futex resumed>) = ? [pid 5760] <... futex resumed>) = ? [pid 5762] +++ killed by SIGBUS +++ [pid 5761] +++ killed by SIGBUS +++ [pid 5760] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5760, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./243", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./243/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./243/binderfs") = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./243/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./243/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./243/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./243/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./243") = 0 mkdir("./244", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5763 ./strace-static-x86_64: Process 5763 attached [pid 5763] set_robust_list(0x5555562186a0, 24) = 0 [pid 5763] chdir("./244") = 0 [pid 5763] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5763] setpgid(0, 0) = 0 [ 100.041188][ T5761] loop0: detected capacity change from 0 to 2048 [ 100.058234][ T5761] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5763] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5763] write(3, "1000", 4) = 4 [pid 5763] close(3) = 0 [pid 5763] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5763] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5763] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5763] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5763] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5764 attached => {parent_tid=[5764]}, 88) = 5764 [pid 5764] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], [pid 5764] set_robust_list(0x7f3dc90769a0, 24 [pid 5763] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5764] <... set_robust_list resumed>) = 0 [pid 5764] rt_sigprocmask(SIG_SETMASK, [], [pid 5763] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5763] <... futex resumed>) = 0 [pid 5764] memfd_create("syzkaller", 0 [pid 5763] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5764] <... memfd_create resumed>) = 3 [pid 5764] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5764] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5764] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5764] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5764] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5764] close(3) = 0 [pid 5764] mkdir("./file0", 0777) = 0 [pid 5764] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5764] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5764] chdir("./file0") = 0 [pid 5764] ioctl(4, LOOP_CLR_FD) = 0 [pid 5764] close(4) = 0 [pid 5764] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5764] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] <... futex resumed>) = 0 [pid 5763] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5764] <... futex resumed>) = 0 [pid 5764] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5764] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] <... futex resumed>) = 0 [pid 5764] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] <... futex resumed>) = 0 [pid 5763] <... futex resumed>) = 1 [pid 5764] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5763] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5764] <... open resumed>) = 5 [pid 5764] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5763] <... futex resumed>) = 0 [pid 5764] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5764] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5764] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5763] <... futex resumed>) = 0 [pid 5763] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5763] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5764] <... mmap resumed>) = 0x20000000 [pid 5764] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5763] <... mprotect resumed>) = 0 [pid 5764] <... futex resumed>) = 0 [pid 5763] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5764] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5763] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5763] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5765]}, 88) = 5765 [pid 5763] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5763] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5763] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5765 attached [pid 5765] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5765] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5765] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5765] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5764] <... futex resumed>) = ? [pid 5763] <... futex resumed>) = ? [pid 5765] +++ killed by SIGBUS +++ [pid 5764] +++ killed by SIGBUS +++ [pid 5763] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5763, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./244", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./244/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./244/binderfs") = 0 [ 100.152807][ T5764] loop0: detected capacity change from 0 to 2048 [ 100.168415][ T5764] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./244/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./244/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./244/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./244/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./244") = 0 mkdir("./245", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5766 ./strace-static-x86_64: Process 5766 attached [pid 5766] set_robust_list(0x5555562186a0, 24) = 0 [pid 5766] chdir("./245") = 0 [pid 5766] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5766] setpgid(0, 0) = 0 [pid 5766] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5766] write(3, "1000", 4) = 4 [pid 5766] close(3) = 0 [pid 5766] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5766] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5766] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5766] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5766] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5767]}, 88) = 5767 [pid 5766] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5767 attached NULL, 8) = 0 [pid 5766] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5766] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5767] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5767] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5767] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5767] memfd_create("syzkaller", 0) = 3 [pid 5767] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5767] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5767] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5767] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5767] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5767] close(3) = 0 [pid 5767] mkdir("./file0", 0777) = 0 [pid 5767] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5767] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5767] chdir("./file0") = 0 [pid 5767] ioctl(4, LOOP_CLR_FD) = 0 [pid 5767] close(4) = 0 [pid 5767] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] <... futex resumed>) = 0 [pid 5767] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5766] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... open resumed>) = 4 [pid 5767] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] <... futex resumed>) = 0 [pid 5767] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5766] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5767] <... open resumed>) = 5 [pid 5767] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5766] <... futex resumed>) = 0 [pid 5767] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5767] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5766] <... futex resumed>) = 0 [pid 5767] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5766] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5767] <... mmap resumed>) = 0x20000000 [pid 5766] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5767] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5766] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5767] <... futex resumed>) = 0 [pid 5766] <... mprotect resumed>) = 0 [pid 5766] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5767] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5766] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5766] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5768 attached => {parent_tid=[5768]}, 88) = 5768 [pid 5768] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5766] rt_sigprocmask(SIG_SETMASK, [], [pid 5768] <... rseq resumed>) = 0 [pid 5766] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5768] set_robust_list(0x7f3dc0d559a0, 24 [pid 5766] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5768] <... set_robust_list resumed>) = 0 [pid 5766] <... futex resumed>) = 0 [pid 5768] rt_sigprocmask(SIG_SETMASK, [], [pid 5766] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5768] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5768] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5767] <... futex resumed>) = ? [pid 5766] <... futex resumed>) = ? [pid 5768] +++ killed by SIGBUS +++ [pid 5767] +++ killed by SIGBUS +++ [pid 5766] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5766, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./245", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./245/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./245/binderfs") = 0 [ 100.257390][ T5767] loop0: detected capacity change from 0 to 2048 [ 100.269597][ T5767] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./245/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./245/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./245/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./245/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./245") = 0 mkdir("./246", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5769 attached , child_tidptr=0x555556218690) = 5769 [pid 5769] set_robust_list(0x5555562186a0, 24) = 0 [pid 5769] chdir("./246") = 0 [pid 5769] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5769] setpgid(0, 0) = 0 [pid 5769] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5769] write(3, "1000", 4) = 4 [pid 5769] close(3) = 0 [pid 5769] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5769] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5769] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5769] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5770]}, 88) = 5770 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5769] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5770 attached [pid 5770] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5770] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5770] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5770] memfd_create("syzkaller", 0) = 3 [pid 5770] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5770] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5770] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5770] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5770] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5770] close(3) = 0 [pid 5770] mkdir("./file0", 0777) = 0 [pid 5770] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5770] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5770] chdir("./file0") = 0 [pid 5770] ioctl(4, LOOP_CLR_FD) = 0 [pid 5770] close(4) = 0 [pid 5770] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... open resumed>) = 4 [pid 5770] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5770] <... futex resumed>) = 1 [pid 5769] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5770] <... open resumed>) = 5 [pid 5770] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] <... futex resumed>) = 0 [pid 5770] <... futex resumed>) = 1 [pid 5769] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5770] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5769] <... futex resumed>) = 0 [pid 5769] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5769] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5769] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5769] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5770] <... mmap resumed>) = 0x20000000 [pid 5769] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5770] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5769] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5770] <... futex resumed>) = 0 [pid 5770] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5771 attached [pid 5771] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5769] <... clone3 resumed> => {parent_tid=[5771]}, 88) = 5771 [pid 5769] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5771] <... rseq resumed>) = 0 [pid 5771] set_robust_list(0x7f3dc0d559a0, 24 [pid 5769] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5771] <... set_robust_list resumed>) = 0 [pid 5771] rt_sigprocmask(SIG_SETMASK, [], [pid 5769] <... futex resumed>) = 0 [pid 5771] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5769] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5771] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5770] <... futex resumed>) = ? [pid 5769] <... futex resumed>) = ? [pid 5771] +++ killed by SIGBUS +++ [pid 5770] +++ killed by SIGBUS +++ [pid 5769] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5769, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./246", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 [ 100.357891][ T5770] loop0: detected capacity change from 0 to 2048 [ 100.370918][ T5770] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./246/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./246/binderfs") = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./246/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./246/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./246/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./246/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./246") = 0 mkdir("./247", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5772 attached [pid 5772] set_robust_list(0x5555562186a0, 24) = 0 [pid 5772] chdir("./247") = 0 [pid 5772] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5772] setpgid(0, 0) = 0 [pid 5772] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5772] write(3, "1000", 4) = 4 [pid 5772] close(3) = 0 [pid 5772] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5772] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5772] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5772] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5772] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5772 ./strace-static-x86_64: Process 5773 attached [pid 5772] <... clone3 resumed> => {parent_tid=[5773]}, 88) = 5773 [pid 5773] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5772] rt_sigprocmask(SIG_SETMASK, [], [pid 5773] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5772] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5772] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5773] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5773] memfd_create("syzkaller", 0) = 3 [pid 5773] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5773] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5773] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5773] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5773] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5773] close(3) = 0 [pid 5773] mkdir("./file0", 0777) = 0 [pid 5773] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5773] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5773] chdir("./file0") = 0 [pid 5773] ioctl(4, LOOP_CLR_FD) = 0 [pid 5773] close(4) = 0 [pid 5773] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5773] <... futex resumed>) = 1 [pid 5772] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5773] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5773] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5772] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5773] <... open resumed>) = 5 [pid 5773] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5772] <... futex resumed>) = 0 [pid 5772] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5773] <... futex resumed>) = 1 [pid 5772] <... futex resumed>) = 0 [pid 5773] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5772] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5773] <... futex resumed>) = 0 [pid 5773] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5772] <... mprotect resumed>) = 0 [pid 5772] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5772] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5774]}, 88) = 5774 [pid 5772] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5772] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5772] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5774 attached [pid 5774] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5774] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5774] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5774] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5773] <... futex resumed>) = ? [pid 5772] <... futex resumed>) = ? [pid 5773] +++ killed by SIGBUS +++ [pid 5774] +++ killed by SIGBUS +++ [pid 5772] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5772, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./247", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./247/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./247/binderfs") = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./247/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./247/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./247/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./247/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./247") = 0 mkdir("./248", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 100.498739][ T5773] loop0: detected capacity change from 0 to 2048 [ 100.509674][ T5773] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5775 ./strace-static-x86_64: Process 5775 attached [pid 5775] set_robust_list(0x5555562186a0, 24) = 0 [pid 5775] chdir("./248") = 0 [pid 5775] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5775] setpgid(0, 0) = 0 [pid 5775] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5775] write(3, "1000", 4) = 4 [pid 5775] close(3) = 0 [pid 5775] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5775] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5775] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5775] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5776]}, 88) = 5776 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5775] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5775] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5776 attached [pid 5776] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5776] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5776] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5776] memfd_create("syzkaller", 0) = 3 [pid 5776] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5776] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5776] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5776] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5776] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5776] close(3) = 0 [pid 5776] mkdir("./file0", 0777) = 0 [pid 5776] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5776] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5776] chdir("./file0") = 0 [pid 5776] ioctl(4, LOOP_CLR_FD) = 0 [pid 5776] close(4) = 0 [pid 5776] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5776] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5776] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5775] <... futex resumed>) = 0 [pid 5776] <... open resumed>) = 4 [pid 5775] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5776] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5775] <... futex resumed>) = 0 [pid 5776] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5775] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5776] <... open resumed>) = 5 [pid 5776] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5775] <... futex resumed>) = 0 [pid 5775] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... futex resumed>) = 1 [pid 5775] <... futex resumed>) = 0 [pid 5776] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5775] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5776] <... mmap resumed>) = 0x20000000 [pid 5775] <... futex resumed>) = 0 [pid 5775] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5776] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5776] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5775] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5775] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5775] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5777 attached => {parent_tid=[5777]}, 88) = 5777 [pid 5777] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5775] rt_sigprocmask(SIG_SETMASK, [], [pid 5777] set_robust_list(0x7f3dc0d559a0, 24 [pid 5775] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5777] <... set_robust_list resumed>) = 0 [pid 5775] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5777] rt_sigprocmask(SIG_SETMASK, [], [pid 5775] <... futex resumed>) = 0 [pid 5775] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5777] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5777] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5776] <... futex resumed>) = ? [pid 5776] +++ killed by SIGBUS +++ [pid 5775] <... futex resumed>) = ? [pid 5777] +++ killed by SIGBUS +++ [pid 5775] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5775, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./248", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./248/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./248/binderfs") = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./248/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./248/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./248/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 100.599750][ T5776] loop0: detected capacity change from 0 to 2048 [ 100.612279][ T5776] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./248/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./248") = 0 mkdir("./249", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5778 ./strace-static-x86_64: Process 5778 attached [pid 5778] set_robust_list(0x5555562186a0, 24) = 0 [pid 5778] chdir("./249") = 0 [pid 5778] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5778] setpgid(0, 0) = 0 [pid 5778] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5778] write(3, "1000", 4) = 4 [pid 5778] close(3) = 0 [pid 5778] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5778] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5778] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5778] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5778] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5779 attached => {parent_tid=[5779]}, 88) = 5779 [pid 5779] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5778] rt_sigprocmask(SIG_SETMASK, [], [pid 5779] set_robust_list(0x7f3dc90769a0, 24 [pid 5778] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5779] <... set_robust_list resumed>) = 0 [pid 5778] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] rt_sigprocmask(SIG_SETMASK, [], [pid 5778] <... futex resumed>) = 0 [pid 5779] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5778] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5779] memfd_create("syzkaller", 0) = 3 [pid 5779] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5779] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5779] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5779] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5779] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5779] close(3) = 0 [pid 5779] mkdir("./file0", 0777) = 0 [pid 5779] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5779] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5779] chdir("./file0") = 0 [pid 5779] ioctl(4, LOOP_CLR_FD) = 0 [pid 5779] close(4) = 0 [pid 5779] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5778] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5779] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5778] <... futex resumed>) = 0 [pid 5778] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... open resumed>) = 4 [pid 5779] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5778] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5778] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5779] <... open resumed>) = 5 [pid 5779] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5778] <... futex resumed>) = 0 [pid 5779] <... futex resumed>) = 1 [pid 5778] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5778] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5778] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5779] <... mmap resumed>) = 0x20000000 [pid 5778] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5779] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5779] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5778] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5778] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5778] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5780 attached [pid 5780] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5778] <... clone3 resumed> => {parent_tid=[5780]}, 88) = 5780 [pid 5778] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5778] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5778] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5780] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5780] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5780] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5779] <... futex resumed>) = ? [pid 5779] +++ killed by SIGBUS +++ [pid 5778] <... futex resumed>) = ? [pid 5780] +++ killed by SIGBUS +++ [ 100.704378][ T5779] loop0: detected capacity change from 0 to 2048 [ 100.715833][ T5779] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5778] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5778, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./249", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./249/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./249/binderfs") = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./249/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./249/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./249/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./249/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./249") = 0 mkdir("./250", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5781 attached , child_tidptr=0x555556218690) = 5781 [pid 5781] set_robust_list(0x5555562186a0, 24) = 0 [pid 5781] chdir("./250") = 0 [pid 5781] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5781] setpgid(0, 0) = 0 [pid 5781] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5781] write(3, "1000", 4) = 4 [pid 5781] close(3) = 0 [pid 5781] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5781] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5781] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5781] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5782 attached => {parent_tid=[5782]}, 88) = 5782 [pid 5782] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], [pid 5782] <... rseq resumed>) = 0 [pid 5781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5781] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5782] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5782] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5782] memfd_create("syzkaller", 0) = 3 [pid 5782] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5782] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5782] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5782] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5782] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5782] close(3) = 0 [pid 5782] mkdir("./file0", 0777) = 0 [pid 5782] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5782] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5782] chdir("./file0") = 0 [pid 5782] ioctl(4, LOOP_CLR_FD) = 0 [pid 5782] close(4) = 0 [pid 5782] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5781] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5782] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5782] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5782] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5781] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] <... futex resumed>) = 0 [pid 5781] <... futex resumed>) = 1 [pid 5782] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5781] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5782] <... open resumed>) = 5 [pid 5782] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5782] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5781] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5782] <... futex resumed>) = 0 [pid 5781] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5781] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5781] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5781] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5781] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5783 attached [pid 5783] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5783] set_robust_list(0x7f3dc0d559a0, 24 [pid 5781] <... clone3 resumed> => {parent_tid=[5783]}, 88) = 5783 [pid 5783] <... set_robust_list resumed>) = 0 [pid 5781] rt_sigprocmask(SIG_SETMASK, [], [pid 5783] rt_sigprocmask(SIG_SETMASK, [], [pid 5781] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5783] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5781] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 5782] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5781] <... futex resumed>) = 0 [pid 5781] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5782] <... mmap resumed>) = 0x20000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5783] <... futex resumed>) = 0 [pid 5781] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] write(6, 0x20000000, 34136651 [pid 5781] <... futex resumed>) = 0 [pid 5783] <... write resumed>) = -1 EFAULT (Bad address) [pid 5781] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = 0 [pid 5781] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] <... futex resumed>) = 1 [pid 5781] <... futex resumed>) = 0 [pid 5783] ftruncate(4, 2 [pid 5781] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5783] <... ftruncate resumed>) = 0 [pid 5782] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5783] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5781] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5783] <... futex resumed>) = 0 [pid 5781] exit_group(0 [pid 5783] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 5783] +++ exited with 0 +++ [pid 5782] <... futex resumed>) = ? [pid 5781] <... exit_group resumed>) = ? [pid 5782] +++ exited with 0 +++ [pid 5781] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5781, si_uid=0, si_status=0, si_utime=1 /* 0.01 s */, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./250", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./250/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./250/binderfs") = 0 [ 100.822751][ T5782] loop0: detected capacity change from 0 to 2048 [ 100.834886][ T5782] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./250/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./250/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./250/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./250/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./250") = 0 mkdir("./251", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5784 attached , child_tidptr=0x555556218690) = 5784 [pid 5784] set_robust_list(0x5555562186a0, 24) = 0 [pid 5784] chdir("./251") = 0 [pid 5784] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5784] setpgid(0, 0) = 0 [pid 5784] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5784] write(3, "1000", 4) = 4 [pid 5784] close(3) = 0 [pid 5784] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5784] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5784] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5784] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5784] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5784] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5784] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5784] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5785 attached => {parent_tid=[5785]}, 88) = 5785 [pid 5785] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5784] rt_sigprocmask(SIG_SETMASK, [], [pid 5785] set_robust_list(0x7f3dc90769a0, 24 [pid 5784] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5785] <... set_robust_list resumed>) = 0 [pid 5784] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] rt_sigprocmask(SIG_SETMASK, [], [pid 5784] <... futex resumed>) = 0 [pid 5785] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5785] memfd_create("syzkaller", 0 [pid 5784] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5785] <... memfd_create resumed>) = 3 [pid 5785] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5785] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5785] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5785] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5785] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5785] close(3) = 0 [pid 5785] mkdir("./file0", 0777) = 0 [pid 5785] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5785] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5785] chdir("./file0") = 0 [pid 5785] ioctl(4, LOOP_CLR_FD) = 0 [pid 5785] close(4) = 0 [pid 5785] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... futex resumed>) = 0 [pid 5784] <... futex resumed>) = 1 [pid 5785] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5784] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... open resumed>) = 4 [pid 5785] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5785] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] <... futex resumed>) = 0 [pid 5784] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] <... futex resumed>) = 0 [pid 5785] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5785] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5784] <... futex resumed>) = 0 [pid 5785] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5784] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5785] <... mmap resumed>) = 0x20000000 [pid 5785] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5785] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5784] <... futex resumed>) = 1 [pid 5784] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5785] <... futex resumed>) = 0 [pid 5784] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5785] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5784] <... futex resumed>) = ? [pid 5785] +++ killed by SIGBUS +++ [pid 5784] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5784, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./251", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./251/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./251/binderfs") = 0 [ 100.922671][ T5785] loop0: detected capacity change from 0 to 2048 [ 100.935181][ T5785] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./251/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./251/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./251/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./251/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./251") = 0 mkdir("./252", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5786 attached , child_tidptr=0x555556218690) = 5786 [pid 5786] set_robust_list(0x5555562186a0, 24) = 0 [pid 5786] chdir("./252") = 0 [pid 5786] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5786] setpgid(0, 0) = 0 [pid 5786] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5786] write(3, "1000", 4) = 4 [pid 5786] close(3) = 0 [pid 5786] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5786] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5786] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5786] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5786] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5787 attached [pid 5787] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5786] <... clone3 resumed> => {parent_tid=[5787]}, 88) = 5787 [pid 5787] <... rseq resumed>) = 0 [pid 5786] rt_sigprocmask(SIG_SETMASK, [], [pid 5787] set_robust_list(0x7f3dc90769a0, 24 [pid 5786] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5787] <... set_robust_list resumed>) = 0 [pid 5786] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5786] <... futex resumed>) = 0 [pid 5787] memfd_create("syzkaller", 0 [pid 5786] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5787] <... memfd_create resumed>) = 3 [pid 5787] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5787] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5787] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5787] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5787] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5787] close(3) = 0 [pid 5787] mkdir("./file0", 0777) = 0 [pid 5787] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5787] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5787] chdir("./file0") = 0 [pid 5787] ioctl(4, LOOP_CLR_FD) = 0 [pid 5787] close(4) = 0 [pid 5787] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5786] <... futex resumed>) = 0 [pid 5787] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5786] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... open resumed>) = 4 [pid 5787] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] <... futex resumed>) = 0 [pid 5787] <... futex resumed>) = 1 [pid 5787] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5786] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] <... open resumed>) = 5 [pid 5786] <... futex resumed>) = 0 [pid 5787] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5787] <... futex resumed>) = 0 [pid 5786] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5787] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5786] <... futex resumed>) = 0 [pid 5787] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5786] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5787] <... mmap resumed>) = 0x20000000 [pid 5786] <... futex resumed>) = 0 [pid 5786] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5786] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5787] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5786] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5787] <... futex resumed>) = 0 [pid 5786] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5787] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5786] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5788]}, 88) = 5788 [pid 5786] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5786] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5786] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5788 attached [pid 5788] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5788] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5788] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5788] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5787] <... futex resumed>) = ? [pid 5786] <... futex resumed>) = ? [pid 5787] +++ killed by SIGBUS +++ [ 101.031675][ T5787] loop0: detected capacity change from 0 to 2048 [ 101.043716][ T5787] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5788] +++ killed by SIGBUS +++ [pid 5786] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5786, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./252", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./252/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./252/binderfs") = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./252/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./252/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./252/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./252/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./252") = 0 mkdir("./253", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5789 ./strace-static-x86_64: Process 5789 attached [pid 5789] set_robust_list(0x5555562186a0, 24) = 0 [pid 5789] chdir("./253") = 0 [pid 5789] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5789] setpgid(0, 0) = 0 [pid 5789] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5789] write(3, "1000", 4) = 4 [pid 5789] close(3) = 0 [pid 5789] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5789] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5789] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5789] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5789] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5790 attached => {parent_tid=[5790]}, 88) = 5790 [pid 5790] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5790] set_robust_list(0x7f3dc90769a0, 24 [pid 5789] rt_sigprocmask(SIG_SETMASK, [], [pid 5790] <... set_robust_list resumed>) = 0 [pid 5790] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5790] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5789] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [pid 5789] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5790] memfd_create("syzkaller", 0) = 3 [pid 5790] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5790] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5790] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5790] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5790] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5790] close(3) = 0 [pid 5790] mkdir("./file0", 0777) = 0 [pid 5790] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5790] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5790] chdir("./file0") = 0 [pid 5790] ioctl(4, LOOP_CLR_FD) = 0 [pid 5790] close(4) = 0 [pid 5790] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... futex resumed>) = 0 [pid 5790] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5789] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5789] <... futex resumed>) = 0 [pid 5789] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... open resumed>) = 4 [pid 5790] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5789] <... futex resumed>) = 0 [pid 5790] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5789] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5790] <... open resumed>) = 5 [pid 5789] <... futex resumed>) = 0 [pid 5790] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5789] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5790] <... futex resumed>) = 0 [pid 5790] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5789] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5790] <... futex resumed>) = 0 [pid 5790] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5790] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5790] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5789] <... futex resumed>) = 0 [pid 5789] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5789] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5789] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5789] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5791 attached [pid 5791] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5789] <... clone3 resumed> => {parent_tid=[5791]}, 88) = 5791 [pid 5789] rt_sigprocmask(SIG_SETMASK, [], [pid 5791] <... rseq resumed>) = 0 [pid 5789] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5791] set_robust_list(0x7f3dc0d559a0, 24 [pid 5789] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5791] <... set_robust_list resumed>) = 0 [pid 5789] <... futex resumed>) = 0 [pid 5791] rt_sigprocmask(SIG_SETMASK, [], [pid 5789] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5791] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5791] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5790] <... futex resumed>) = ? [pid 5790] +++ killed by SIGBUS +++ [pid 5789] <... futex resumed>) = ? [pid 5791] +++ killed by SIGBUS +++ [pid 5789] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5789, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./253", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./253/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./253/binderfs") = 0 [ 101.156035][ T5790] loop0: detected capacity change from 0 to 2048 [ 101.168146][ T5790] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./253/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./253/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./253/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./253/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./253") = 0 mkdir("./254", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5792 ./strace-static-x86_64: Process 5792 attached [pid 5792] set_robust_list(0x5555562186a0, 24) = 0 [pid 5792] chdir("./254") = 0 [pid 5792] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5792] setpgid(0, 0) = 0 [pid 5792] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5792] write(3, "1000", 4) = 4 [pid 5792] close(3) = 0 [pid 5792] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5792] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5792] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5792] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5792] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5793]}, 88) = 5793 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5792] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5793 attached [pid 5793] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5793] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5793] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5793] memfd_create("syzkaller", 0) = 3 [pid 5793] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5793] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5793] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5793] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5793] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5793] close(3) = 0 [pid 5793] mkdir("./file0", 0777) = 0 [pid 5793] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5793] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5793] chdir("./file0") = 0 [pid 5793] ioctl(4, LOOP_CLR_FD) = 0 [pid 5793] close(4) = 0 [pid 5793] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5792] <... futex resumed>) = 0 [pid 5793] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5792] <... futex resumed>) = 0 [pid 5793] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5792] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] <... open resumed>) = 4 [pid 5793] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5793] <... futex resumed>) = 1 [pid 5792] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5793] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5792] <... futex resumed>) = 0 [pid 5793] <... open resumed>) = 5 [pid 5792] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5793] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5792] <... futex resumed>) = 0 [pid 5792] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5793] <... futex resumed>) = 1 [pid 5793] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5793] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5793] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5792] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5792] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5794]}, 88) = 5794 [pid 5792] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5792] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5792] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5794 attached [pid 5794] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5794] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5794] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5794] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5794] +++ killed by SIGBUS +++ [pid 5793] <... futex resumed>) = ? [pid 5792] <... futex resumed>) = ? [pid 5793] +++ killed by SIGBUS +++ [pid 5792] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5792, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./254", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./254/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./254/binderfs") = 0 [ 101.295467][ T5793] loop0: detected capacity change from 0 to 2048 [ 101.306713][ T5793] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./254/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./254/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./254/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./254/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./254") = 0 mkdir("./255", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5795 attached , child_tidptr=0x555556218690) = 5795 [pid 5795] set_robust_list(0x5555562186a0, 24) = 0 [pid 5795] chdir("./255") = 0 [pid 5795] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5795] setpgid(0, 0) = 0 [pid 5795] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5795] write(3, "1000", 4) = 4 [pid 5795] close(3) = 0 [pid 5795] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5795] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5795] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5795] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5796]}, 88) = 5796 [pid 5795] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5796 attached [pid 5795] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5795] <... futex resumed>) = 0 [pid 5796] set_robust_list(0x7f3dc90769a0, 24 [pid 5795] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5796] <... set_robust_list resumed>) = 0 [pid 5796] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5796] memfd_create("syzkaller", 0) = 3 [pid 5796] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5796] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5796] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5796] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5796] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5796] close(3) = 0 [pid 5796] mkdir("./file0", 0777) = 0 [pid 5796] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5796] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5796] chdir("./file0") = 0 [pid 5796] ioctl(4, LOOP_CLR_FD) = 0 [pid 5796] close(4) = 0 [pid 5796] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5795] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5796] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5796] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5796] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5795] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5796] <... open resumed>) = 5 [pid 5796] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5795] <... futex resumed>) = 0 [pid 5796] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5796] <... futex resumed>) = 0 [pid 5795] <... futex resumed>) = 1 [pid 5796] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5795] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5795] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5796] <... mmap resumed>) = 0x20000000 [pid 5796] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5795] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5796] <... futex resumed>) = 0 [pid 5796] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5795] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5795] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5795] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5797 attached => {parent_tid=[5797]}, 88) = 5797 [pid 5797] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5795] rt_sigprocmask(SIG_SETMASK, [], [pid 5797] <... rseq resumed>) = 0 [pid 5795] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5797] set_robust_list(0x7f3dc0d559a0, 24 [pid 5795] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5797] <... set_robust_list resumed>) = 0 [pid 5797] rt_sigprocmask(SIG_SETMASK, [], [pid 5795] <... futex resumed>) = 0 [pid 5797] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5795] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5797] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5796] <... futex resumed>) = ? [pid 5795] <... futex resumed>) = ? [pid 5797] +++ killed by SIGBUS +++ [pid 5796] +++ killed by SIGBUS +++ [pid 5795] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5795, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./255", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./255/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./255/binderfs") = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./255/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./255/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./255/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./255/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./255") = 0 mkdir("./256", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5798 attached , child_tidptr=0x555556218690) = 5798 [pid 5798] set_robust_list(0x5555562186a0, 24) = 0 [pid 5798] chdir("./256") = 0 [pid 5798] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5798] setpgid(0, 0) = 0 [pid 5798] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5798] write(3, "1000", 4) = 4 [pid 5798] close(3) = 0 [pid 5798] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5798] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5798] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5798] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5799 attached [ 101.413834][ T5796] loop0: detected capacity change from 0 to 2048 [ 101.426384][ T5796] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5799] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5798] <... clone3 resumed> => {parent_tid=[5799]}, 88) = 5799 [pid 5799] <... rseq resumed>) = 0 [pid 5799] set_robust_list(0x7f3dc90769a0, 24 [pid 5798] rt_sigprocmask(SIG_SETMASK, [], [pid 5799] <... set_robust_list resumed>) = 0 [pid 5798] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5799] rt_sigprocmask(SIG_SETMASK, [], [pid 5798] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5798] <... futex resumed>) = 0 [pid 5799] memfd_create("syzkaller", 0 [pid 5798] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5799] <... memfd_create resumed>) = 3 [pid 5799] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5799] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5799] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5799] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5799] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5799] close(3) = 0 [pid 5799] mkdir("./file0", 0777) = 0 [pid 5799] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5799] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5799] chdir("./file0") = 0 [pid 5799] ioctl(4, LOOP_CLR_FD) = 0 [pid 5799] close(4) = 0 [pid 5799] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5799] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5799] <... futex resumed>) = 0 [pid 5799] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5798] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] <... open resumed>) = 4 [pid 5799] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5798] <... futex resumed>) = 0 [pid 5799] <... open resumed>) = 5 [pid 5798] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5799] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] <... futex resumed>) = 0 [pid 5798] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... futex resumed>) = 1 [pid 5798] <... futex resumed>) = 0 [pid 5799] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5798] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5799] <... mmap resumed>) = 0x20000000 [pid 5798] <... futex resumed>) = 0 [pid 5799] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5798] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5799] <... futex resumed>) = 0 [pid 5798] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5799] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5798] <... mprotect resumed>) = 0 [pid 5798] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5798] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5800]}, 88) = 5800 [pid 5798] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5798] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5798] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5800 attached [pid 5800] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5800] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5800] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5800] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5799] <... futex resumed>) = ? [pid 5798] <... futex resumed>) = ? [pid 5800] +++ killed by SIGBUS +++ [pid 5799] +++ killed by SIGBUS +++ [pid 5798] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5798, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./256", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./256/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./256/binderfs") = 0 [ 101.497578][ T5799] loop0: detected capacity change from 0 to 2048 [ 101.514356][ T5799] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./256/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./256/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./256/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./256/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./256") = 0 mkdir("./257", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5801 attached , child_tidptr=0x555556218690) = 5801 [pid 5801] set_robust_list(0x5555562186a0, 24) = 0 [pid 5801] chdir("./257") = 0 [pid 5801] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5801] setpgid(0, 0) = 0 [pid 5801] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5801] write(3, "1000", 4) = 4 [pid 5801] close(3) = 0 [pid 5801] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5801] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5801] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5801] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5801] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5802 attached => {parent_tid=[5802]}, 88) = 5802 [pid 5802] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], [pid 5802] set_robust_list(0x7f3dc90769a0, 24 [pid 5801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5802] <... set_robust_list resumed>) = 0 [pid 5801] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] rt_sigprocmask(SIG_SETMASK, [], [pid 5801] <... futex resumed>) = 0 [pid 5802] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5801] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5802] memfd_create("syzkaller", 0) = 3 [pid 5802] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5802] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5802] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5802] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5802] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5802] close(3) = 0 [pid 5802] mkdir("./file0", 0777) = 0 [pid 5802] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5802] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5802] chdir("./file0") = 0 [pid 5802] ioctl(4, LOOP_CLR_FD) = 0 [pid 5802] close(4) = 0 [pid 5802] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = 0 [pid 5801] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] <... futex resumed>) = 1 [pid 5801] <... futex resumed>) = 0 [pid 5802] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5801] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... open resumed>) = 4 [pid 5802] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = 0 [pid 5801] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5802] <... futex resumed>) = 1 [pid 5802] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5802] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] <... futex resumed>) = 0 [pid 5802] <... futex resumed>) = 1 [pid 5801] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5802] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5801] <... futex resumed>) = 0 [pid 5802] <... mmap resumed>) = 0x20000000 [pid 5801] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5801] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5802] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5801] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5802] <... futex resumed>) = 0 [pid 5802] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5801] <... mprotect resumed>) = 0 [pid 5801] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5801] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5803 attached [pid 5803] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5801] <... clone3 resumed> => {parent_tid=[5803]}, 88) = 5803 [pid 5803] <... rseq resumed>) = 0 [pid 5801] rt_sigprocmask(SIG_SETMASK, [], [pid 5803] set_robust_list(0x7f3dc0d559a0, 24 [pid 5801] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5803] <... set_robust_list resumed>) = 0 [pid 5801] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5803] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5801] <... futex resumed>) = 0 [pid 5803] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5801] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5802] <... futex resumed>) = ? [pid 5803] +++ killed by SIGBUS +++ [pid 5802] +++ killed by SIGBUS +++ [pid 5801] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5801, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./257", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./257/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./257/binderfs") = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./257/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./257/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./257/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./257/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./257") = 0 mkdir("./258", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5804 attached , child_tidptr=0x555556218690) = 5804 [pid 5804] set_robust_list(0x5555562186a0, 24) = 0 [pid 5804] chdir("./258") = 0 [pid 5804] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5804] setpgid(0, 0) = 0 [pid 5804] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5804] write(3, "1000", 4) = 4 [pid 5804] close(3) = 0 [pid 5804] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5804] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5804] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5804] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5805 attached [pid 5805] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5804] <... clone3 resumed> => {parent_tid=[5805]}, 88) = 5805 [pid 5805] <... rseq resumed>) = 0 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], [pid 5805] set_robust_list(0x7f3dc90769a0, 24 [pid 5804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5805] <... set_robust_list resumed>) = 0 [pid 5804] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] rt_sigprocmask(SIG_SETMASK, [], [pid 5804] <... futex resumed>) = 0 [pid 5805] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5804] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5805] memfd_create("syzkaller", 0) = 3 [pid 5805] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [ 101.595181][ T5802] loop0: detected capacity change from 0 to 2048 [ 101.612635][ T5802] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5805] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5805] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5805] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5805] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5805] close(3) = 0 [pid 5805] mkdir("./file0", 0777) = 0 [pid 5805] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5805] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5805] chdir("./file0") = 0 [pid 5805] ioctl(4, LOOP_CLR_FD) = 0 [pid 5805] close(4) = 0 [pid 5805] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5804] <... futex resumed>) = 0 [pid 5805] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5804] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... open resumed>) = 4 [pid 5805] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5804] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5805] <... open resumed>) = 5 [pid 5805] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5804] <... futex resumed>) = 0 [pid 5805] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5804] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5805] <... mmap resumed>) = 0x20000000 [pid 5804] <... futex resumed>) = 0 [pid 5804] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5804] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5804] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5804] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5804] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5806 attached [pid 5805] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5804] <... clone3 resumed> => {parent_tid=[5806]}, 88) = 5806 [pid 5806] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5805] <... futex resumed>) = 0 [pid 5804] rt_sigprocmask(SIG_SETMASK, [], [pid 5806] <... rseq resumed>) = 0 [pid 5805] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5804] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5806] set_robust_list(0x7f3dc0d559a0, 24 [pid 5804] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5806] <... set_robust_list resumed>) = 0 [pid 5804] <... futex resumed>) = 0 [pid 5806] rt_sigprocmask(SIG_SETMASK, [], [pid 5804] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5806] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5806] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5805] <... futex resumed>) = ? [pid 5805] +++ killed by SIGBUS +++ [pid 5804] <... futex resumed>) = ? [pid 5806] +++ killed by SIGBUS +++ [pid 5804] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5804, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./258", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./258/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./258/binderfs") = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./258/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./258/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./258/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 101.685335][ T5805] loop0: detected capacity change from 0 to 2048 [ 101.699498][ T5805] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./258/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./258") = 0 mkdir("./259", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5807 ./strace-static-x86_64: Process 5807 attached [pid 5807] set_robust_list(0x5555562186a0, 24) = 0 [pid 5807] chdir("./259") = 0 [pid 5807] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5807] setpgid(0, 0) = 0 [pid 5807] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5807] write(3, "1000", 4) = 4 [pid 5807] close(3) = 0 [pid 5807] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5807] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5807] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5807] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5807] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5808]}, 88) = 5808 ./strace-static-x86_64: Process 5808 attached [pid 5808] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5807] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5807] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5808] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5808] memfd_create("syzkaller", 0 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5808] <... memfd_create resumed>) = 3 [pid 5808] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5808] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5808] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5808] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5808] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5808] close(3) = 0 [pid 5808] mkdir("./file0", 0777) = 0 [pid 5808] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5808] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5808] chdir("./file0") = 0 [pid 5808] ioctl(4, LOOP_CLR_FD) = 0 [pid 5808] close(4) = 0 [pid 5808] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... futex resumed>) = 0 [pid 5807] <... futex resumed>) = 1 [pid 5808] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5807] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... open resumed>) = 4 [pid 5808] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... futex resumed>) = 0 [pid 5808] <... futex resumed>) = 1 [pid 5807] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5807] <... futex resumed>) = 0 [pid 5808] <... open resumed>) = 5 [pid 5807] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5807] <... futex resumed>) = 0 [pid 5808] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5807] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5808] <... mmap resumed>) = 0x20000000 [pid 5807] <... futex resumed>) = 0 [pid 5807] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5807] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5807] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5807] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5808] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5807] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5808] <... futex resumed>) = 0 [pid 5807] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5808] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5809 attached [pid 5809] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5807] <... clone3 resumed> => {parent_tid=[5809]}, 88) = 5809 [pid 5809] <... rseq resumed>) = 0 [pid 5807] rt_sigprocmask(SIG_SETMASK, [], [pid 5809] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5809] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5809] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5807] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5807] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5809] <... futex resumed>) = 0 [pid 5807] <... futex resumed>) = 1 [pid 5809] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5807] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5808] <... futex resumed>) = ? [pid 5807] <... futex resumed>) = ? [pid 5808] +++ killed by SIGBUS +++ [pid 5809] +++ killed by SIGBUS +++ [pid 5807] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5807, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./259", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./259/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./259/binderfs") = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./259/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./259/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./259/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./259/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./259") = 0 mkdir("./260", 0777) = 0 [ 101.795503][ T5808] loop0: detected capacity change from 0 to 2048 [ 101.809293][ T5808] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5810 ./strace-static-x86_64: Process 5810 attached [pid 5810] set_robust_list(0x5555562186a0, 24) = 0 [pid 5810] chdir("./260") = 0 [pid 5810] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5810] setpgid(0, 0) = 0 [pid 5810] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5810] write(3, "1000", 4) = 4 [pid 5810] close(3) = 0 [pid 5810] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5810] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5810] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5810] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5811 attached => {parent_tid=[5811]}, 88) = 5811 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5810] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5811] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5811] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5811] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5811] memfd_create("syzkaller", 0) = 3 [pid 5811] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5811] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5811] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5811] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5811] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5811] close(3) = 0 [pid 5811] mkdir("./file0", 0777) = 0 [pid 5811] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5811] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5811] chdir("./file0") = 0 [pid 5811] ioctl(4, LOOP_CLR_FD) = 0 [pid 5811] close(4) = 0 [pid 5811] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5810] <... futex resumed>) = 0 [pid 5811] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5810] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... open resumed>) = 4 [pid 5811] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5810] <... futex resumed>) = 0 [pid 5811] <... futex resumed>) = 1 [pid 5810] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5811] <... open resumed>) = 5 [pid 5811] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5810] <... futex resumed>) = 0 [pid 5811] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5810] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5811] <... mmap resumed>) = 0x20000000 [pid 5810] <... futex resumed>) = 0 [pid 5810] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5810] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5810] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5810] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5811] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5812 attached ) = 0 [pid 5811] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5810] <... clone3 resumed> => {parent_tid=[5812]}, 88) = 5812 [pid 5812] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5810] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5810] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5810] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5812] <... rseq resumed>) = 0 [pid 5812] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5812] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5812] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5811] <... futex resumed>) = ? [pid 5810] <... futex resumed>) = ? [pid 5811] +++ killed by SIGBUS +++ [pid 5812] +++ killed by SIGBUS +++ [pid 5810] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5810, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./260", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./260/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./260/binderfs") = 0 [ 101.907506][ T5811] loop0: detected capacity change from 0 to 2048 [ 101.919895][ T5811] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./260/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./260/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./260/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./260/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./260") = 0 mkdir("./261", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5813 ./strace-static-x86_64: Process 5813 attached [pid 5813] set_robust_list(0x5555562186a0, 24) = 0 [pid 5813] chdir("./261") = 0 [pid 5813] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5813] setpgid(0, 0) = 0 [pid 5813] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5813] write(3, "1000", 4) = 4 [pid 5813] close(3) = 0 [pid 5813] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5813] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5813] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5813] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5814]}, 88) = 5814 ./strace-static-x86_64: Process 5814 attached [pid 5814] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5813] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5813] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5814] <... rseq resumed>) = 0 [pid 5814] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5814] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5814] memfd_create("syzkaller", 0) = 3 [pid 5814] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5814] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5814] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5814] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5814] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5814] close(3) = 0 [pid 5814] mkdir("./file0", 0777) = 0 [pid 5814] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5814] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5814] chdir("./file0") = 0 [pid 5814] ioctl(4, LOOP_CLR_FD) = 0 [pid 5814] close(4) = 0 [pid 5814] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... futex resumed>) = 0 [pid 5814] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5814] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5813] <... futex resumed>) = 0 [pid 5814] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5813] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5814] <... open resumed>) = 5 [pid 5814] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] <... futex resumed>) = 0 [pid 5814] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5813] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5813] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5814] <... futex resumed>) = 0 [pid 5814] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5813] <... futex resumed>) = 0 [pid 5813] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5813] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5814] <... mmap resumed>) = 0x20000000 [pid 5813] <... mprotect resumed>) = 0 [pid 5813] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5813] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5815 attached => {parent_tid=[5815]}, 88) = 5815 [pid 5815] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5813] rt_sigprocmask(SIG_SETMASK, [], [pid 5815] <... rseq resumed>) = 0 [pid 5814] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5815] set_robust_list(0x7f3dc0d559a0, 24 [pid 5813] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5815] <... set_robust_list resumed>) = 0 [pid 5813] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5815] rt_sigprocmask(SIG_SETMASK, [], [pid 5813] <... futex resumed>) = 0 [pid 5815] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5813] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5815] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5813] <... futex resumed>) = ? [pid 5815] +++ killed by SIGBUS +++ [pid 5814] +++ killed by SIGBUS +++ [pid 5813] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5813, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./261", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./261/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./261/binderfs") = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./261/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./261/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./261/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./261/file0") = 0 [ 102.014728][ T5814] loop0: detected capacity change from 0 to 2048 [ 102.026334][ T5814] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./261") = 0 mkdir("./262", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5816 attached [pid 5816] set_robust_list(0x5555562186a0, 24) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5816 [pid 5816] chdir("./262") = 0 [pid 5816] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5816] setpgid(0, 0) = 0 [pid 5816] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5816] write(3, "1000", 4) = 4 [pid 5816] close(3) = 0 [pid 5816] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5816] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5816] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5816] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5817 attached => {parent_tid=[5817]}, 88) = 5817 [pid 5817] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5816] rt_sigprocmask(SIG_SETMASK, [], [pid 5817] set_robust_list(0x7f3dc90769a0, 24 [pid 5816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5817] <... set_robust_list resumed>) = 0 [pid 5816] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] rt_sigprocmask(SIG_SETMASK, [], [pid 5816] <... futex resumed>) = 0 [pid 5817] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5816] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5817] memfd_create("syzkaller", 0) = 3 [pid 5817] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5817] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5817] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5817] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5817] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5817] close(3) = 0 [pid 5817] mkdir("./file0", 0777) = 0 [ 102.094561][ T5817] __do_sys_memfd_create: 36 callbacks suppressed [ 102.094579][ T5817] syz-executor183[5817]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 102.129432][ T5817] loop0: detected capacity change from 0 to 2048 [pid 5817] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5817] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5817] chdir("./file0") = 0 [pid 5817] ioctl(4, LOOP_CLR_FD) = 0 [pid 5817] close(4) = 0 [pid 5817] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5817] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = 0 [pid 5816] <... futex resumed>) = 1 [pid 5817] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5816] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... open resumed>) = 4 [pid 5817] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5817] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5817] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5816] <... futex resumed>) = 0 [pid 5817] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5816] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... open resumed>) = 5 [pid 5817] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5816] <... futex resumed>) = 0 [pid 5816] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5816] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5816] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5817] <... mmap resumed>) = 0x20000000 [pid 5817] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5817] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5816] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5816] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5816] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5816] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5818 attached [pid 5818] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5816] <... clone3 resumed> => {parent_tid=[5818]}, 88) = 5818 [pid 5818] set_robust_list(0x7f3dc0d559a0, 24 [pid 5816] rt_sigprocmask(SIG_SETMASK, [], [pid 5818] <... set_robust_list resumed>) = 0 [pid 5816] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5818] rt_sigprocmask(SIG_SETMASK, [], [pid 5816] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5818] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5816] <... futex resumed>) = 0 [pid 5818] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5816] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5817] <... futex resumed>) = ? [pid 5816] <... futex resumed>) = ? [pid 5818] +++ killed by SIGBUS +++ [pid 5817] +++ killed by SIGBUS +++ [pid 5816] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5816, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./262", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./262/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./262/binderfs") = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./262/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./262/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./262/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 102.147693][ T5817] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./262/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./262") = 0 mkdir("./263", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5819 ./strace-static-x86_64: Process 5819 attached [pid 5819] set_robust_list(0x5555562186a0, 24) = 0 [pid 5819] chdir("./263") = 0 [pid 5819] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5819] setpgid(0, 0) = 0 [pid 5819] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5819] write(3, "1000", 4) = 4 [pid 5819] close(3) = 0 [pid 5819] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5819] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5819] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5819] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5820 attached => {parent_tid=[5820]}, 88) = 5820 [pid 5819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5819] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5820] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5820] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5820] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5820] memfd_create("syzkaller", 0) = 3 [pid 5820] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5820] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5820] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5820] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5820] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5820] close(3) = 0 [pid 5820] mkdir("./file0", 0777) = 0 [pid 5820] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5820] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5820] chdir("./file0") = 0 [pid 5820] ioctl(4, LOOP_CLR_FD) = 0 [pid 5820] close(4) = 0 [pid 5820] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5820] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] <... futex resumed>) = 0 [pid 5819] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] <... futex resumed>) = 0 [pid 5819] <... futex resumed>) = 1 [pid 5820] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5819] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... open resumed>) = 4 [pid 5820] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5820] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5819] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5820] <... open resumed>) = 5 [pid 5820] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5819] <... futex resumed>) = 0 [pid 5819] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5820] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5819] <... futex resumed>) = 0 [pid 5820] <... mmap resumed>) = 0x20000000 [pid 5819] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5820] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5820] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5819] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5819] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5819] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5819] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5821 attached [pid 5821] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5819] <... clone3 resumed> => {parent_tid=[5821]}, 88) = 5821 [pid 5819] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5819] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5819] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5821] <... rseq resumed>) = 0 [pid 5821] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5821] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5821] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5820] <... futex resumed>) = ? [pid 5820] +++ killed by SIGBUS +++ [pid 5821] +++ killed by SIGBUS +++ [pid 5819] <... futex resumed>) = ? [pid 5819] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5819, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./263", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./263/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./263/binderfs") = 0 [ 102.225293][ T5820] syz-executor183[5820]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 102.248272][ T5820] loop0: detected capacity change from 0 to 2048 [ 102.259533][ T5820] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./263/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./263/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./263/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./263/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./263") = 0 mkdir("./264", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5822 attached , child_tidptr=0x555556218690) = 5822 [pid 5822] set_robust_list(0x5555562186a0, 24) = 0 [pid 5822] chdir("./264") = 0 [pid 5822] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5822] setpgid(0, 0) = 0 [pid 5822] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5822] write(3, "1000", 4) = 4 [pid 5822] close(3) = 0 [pid 5822] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5822] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5822] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5822] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5822] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5823]}, 88) = 5823 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5823 attached [pid 5823] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5823] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5822] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] rt_sigprocmask(SIG_SETMASK, [], [pid 5822] <... futex resumed>) = 0 [pid 5823] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5822] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5823] memfd_create("syzkaller", 0) = 3 [pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5823] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5823] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5823] close(3) = 0 [pid 5823] mkdir("./file0", 0777) = 0 [pid 5823] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5823] chdir("./file0") = 0 [pid 5823] ioctl(4, LOOP_CLR_FD) = 0 [pid 5823] close(4) = 0 [pid 5823] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5822] <... futex resumed>) = 0 [pid 5823] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5823] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5823] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5822] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... futex resumed>) = 0 [pid 5823] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] <... futex resumed>) = 0 [pid 5822] <... futex resumed>) = 1 [pid 5823] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5822] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5823] <... open resumed>) = 5 [pid 5823] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5822] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5823] <... futex resumed>) = 0 [pid 5822] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5823] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5822] <... futex resumed>) = 0 [pid 5822] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5822] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5823] <... mmap resumed>) = 0x20000000 [pid 5823] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5823] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5822] <... mprotect resumed>) = 0 [pid 5822] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5822] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5824 attached => {parent_tid=[5824]}, 88) = 5824 [pid 5824] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5822] rt_sigprocmask(SIG_SETMASK, [], [pid 5824] <... rseq resumed>) = 0 [pid 5824] set_robust_list(0x7f3dc0d559a0, 24 [pid 5822] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5824] <... set_robust_list resumed>) = 0 [pid 5822] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5824] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5822] <... futex resumed>) = 0 [pid 5824] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5823] <... futex resumed>) = ? [pid 5823] +++ killed by SIGBUS +++ [pid 5824] +++ killed by SIGBUS +++ [pid 5822] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5822, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./264", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./264/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./264/binderfs") = 0 [ 102.339701][ T5823] syz-executor183[5823]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 102.363890][ T5823] loop0: detected capacity change from 0 to 2048 [ 102.376280][ T5823] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./264/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./264/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./264/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./264/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./264") = 0 mkdir("./265", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5825 ./strace-static-x86_64: Process 5825 attached [pid 5825] set_robust_list(0x5555562186a0, 24) = 0 [pid 5825] chdir("./265") = 0 [pid 5825] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5825] setpgid(0, 0) = 0 [pid 5825] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5825] write(3, "1000", 4) = 4 [pid 5825] close(3) = 0 [pid 5825] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5825] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5825] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5825] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5825] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5825] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5825] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5825] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5826]}, 88) = 5826 ./strace-static-x86_64: Process 5826 attached [pid 5826] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5825] rt_sigprocmask(SIG_SETMASK, [], [pid 5826] <... rseq resumed>) = 0 [pid 5825] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] set_robust_list(0x7f3dc90769a0, 24 [pid 5825] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... set_robust_list resumed>) = 0 [pid 5825] <... futex resumed>) = 0 [pid 5826] rt_sigprocmask(SIG_SETMASK, [], [pid 5825] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5826] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5826] memfd_create("syzkaller", 0) = 3 [pid 5826] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5826] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5826] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5826] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5826] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5826] close(3) = 0 [pid 5826] mkdir("./file0", 0777) = 0 [ 102.446275][ T5826] syz-executor183[5826]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 102.479088][ T5826] loop0: detected capacity change from 0 to 2048 [pid 5826] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5826] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5826] chdir("./file0") = 0 [pid 5826] ioctl(4, LOOP_CLR_FD) = 0 [pid 5826] close(4) = 0 [pid 5826] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5825] <... futex resumed>) = 0 [pid 5825] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... open resumed>) = 4 [pid 5826] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5825] <... futex resumed>) = 0 [pid 5826] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5825] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... open resumed>) = 5 [pid 5825] <... futex resumed>) = 0 [pid 5826] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5825] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5826] <... futex resumed>) = 0 [pid 5825] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5826] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5825] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] <... mmap resumed>) = 0x20000000 [pid 5825] <... futex resumed>) = 0 [pid 5826] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5826] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5825] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5826] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5825] <... futex resumed>) = 0 [pid 5826] +++ killed by SIGBUS +++ [pid 5825] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5825, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./265", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./265/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./265/binderfs") = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./265/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./265/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./265/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./265/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./265") = 0 [ 102.495179][ T5826] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./266", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5827 attached , child_tidptr=0x555556218690) = 5827 [pid 5827] set_robust_list(0x5555562186a0, 24) = 0 [pid 5827] chdir("./266") = 0 [pid 5827] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5827] setpgid(0, 0) = 0 [pid 5827] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5827] write(3, "1000", 4) = 4 [pid 5827] close(3) = 0 [pid 5827] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5827] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5827] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5827] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5827] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5827] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5828 attached [pid 5828] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5828] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5828] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5828] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] <... clone3 resumed> => {parent_tid=[5828]}, 88) = 5828 [pid 5827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5827] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = 0 [pid 5827] <... futex resumed>) = 1 [pid 5828] memfd_create("syzkaller", 0 [pid 5827] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5828] <... memfd_create resumed>) = 3 [pid 5828] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5828] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5828] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5828] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5828] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5828] close(3) = 0 [pid 5828] mkdir("./file0", 0777) = 0 [pid 5828] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5828] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5828] chdir("./file0") = 0 [pid 5828] ioctl(4, LOOP_CLR_FD) = 0 [pid 5828] close(4) = 0 [pid 5828] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5827] <... futex resumed>) = 0 [pid 5828] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5828] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5827] <... futex resumed>) = 0 [pid 5827] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... open resumed>) = 4 [pid 5828] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5827] <... futex resumed>) = 0 [pid 5828] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5828] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5827] <... futex resumed>) = 0 [pid 5827] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5828] <... open resumed>) = 5 [pid 5828] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5827] <... futex resumed>) = 0 [pid 5828] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5828] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5827] <... futex resumed>) = 0 [pid 5828] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5827] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5827] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5828] <... mmap resumed>) = 0x20000000 [pid 5827] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5828] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5827] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5828] <... futex resumed>) = 0 [pid 5827] <... mprotect resumed>) = 0 [pid 5828] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5827] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5829 attached => {parent_tid=[5829]}, 88) = 5829 [pid 5829] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5829] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5829] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5829] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5827] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5827] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5829] <... futex resumed>) = 0 [pid 5827] <... futex resumed>) = 1 [ 102.573116][ T5828] syz-executor183[5828]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 102.597856][ T5828] loop0: detected capacity change from 0 to 2048 [ 102.609936][ T5828] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5827] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5829] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5829] +++ killed by SIGBUS +++ [pid 5827] <... futex resumed>) = ? [pid 5828] <... futex resumed>) = ? [pid 5828] +++ killed by SIGBUS +++ [pid 5827] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5827, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./266", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./266/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./266/binderfs") = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./266/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./266/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./266/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./266/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./266") = 0 mkdir("./267", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5830 attached , child_tidptr=0x555556218690) = 5830 [pid 5830] set_robust_list(0x5555562186a0, 24) = 0 [pid 5830] chdir("./267") = 0 [pid 5830] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5830] setpgid(0, 0) = 0 [pid 5830] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5830] write(3, "1000", 4) = 4 [pid 5830] close(3) = 0 [pid 5830] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5830] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5830] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5830] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5831 attached => {parent_tid=[5831]}, 88) = 5831 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5830] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5830] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5831] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5831] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5831] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5831] memfd_create("syzkaller", 0) = 3 [pid 5831] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5831] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5831] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5831] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5831] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5831] close(3) = 0 [pid 5831] mkdir("./file0", 0777) = 0 [pid 5831] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5831] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5831] chdir("./file0") = 0 [pid 5831] ioctl(4, LOOP_CLR_FD) = 0 [pid 5831] close(4) = 0 [pid 5831] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5830] <... futex resumed>) = 0 [pid 5831] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] <... futex resumed>) = 0 [pid 5831] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5830] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5831] <... open resumed>) = 4 [pid 5831] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5831] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] <... futex resumed>) = 0 [pid 5830] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5831] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5831] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5831] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5830] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... futex resumed>) = 0 [pid 5830] <... futex resumed>) = 1 [pid 5831] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5830] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5831] <... mmap resumed>) = 0x20000000 [pid 5830] <... futex resumed>) = 0 [pid 5831] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5830] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5831] <... futex resumed>) = 0 [pid 5830] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5831] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5830] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5830] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5830] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5832]}, 88) = 5832 [pid 5830] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5832 attached [pid 5832] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5830] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5832] <... rseq resumed>) = 0 [pid 5832] set_robust_list(0x7f3dc0d559a0, 24 [pid 5830] <... futex resumed>) = 0 [pid 5832] <... set_robust_list resumed>) = 0 [pid 5830] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5832] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5832] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5831] <... futex resumed>) = ? [pid 5830] <... futex resumed>) = ? [pid 5832] +++ killed by SIGBUS +++ [pid 5831] +++ killed by SIGBUS +++ [pid 5830] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5830, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./267", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./267/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./267/binderfs") = 0 [ 102.695054][ T5831] syz-executor183[5831]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 102.718094][ T5831] loop0: detected capacity change from 0 to 2048 [ 102.729732][ T5831] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./267/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./267/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./267/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./267/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./267") = 0 mkdir("./268", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5833 ./strace-static-x86_64: Process 5833 attached [pid 5833] set_robust_list(0x5555562186a0, 24) = 0 [pid 5833] chdir("./268") = 0 [pid 5833] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5833] setpgid(0, 0) = 0 [pid 5833] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5833] write(3, "1000", 4) = 4 [pid 5833] close(3) = 0 [pid 5833] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5833] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5833] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5833] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5834]}, 88) = 5834 ./strace-static-x86_64: Process 5834 attached [pid 5834] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], [pid 5834] set_robust_list(0x7f3dc90769a0, 24 [pid 5833] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5833] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5834] <... set_robust_list resumed>) = 0 [pid 5834] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5834] memfd_create("syzkaller", 0) = 3 [pid 5834] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5834] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5834] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5834] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5834] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5834] close(3) = 0 [pid 5834] mkdir("./file0", 0777) = 0 [pid 5834] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5834] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5834] chdir("./file0") = 0 [pid 5834] ioctl(4, LOOP_CLR_FD) = 0 [pid 5834] close(4) = 0 [pid 5834] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = 0 [pid 5834] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5833] <... futex resumed>) = 1 [pid 5833] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... open resumed>) = 4 [pid 5834] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] <... futex resumed>) = 0 [pid 5834] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5834] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5833] <... futex resumed>) = 0 [pid 5834] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5833] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5834] <... open resumed>) = 5 [pid 5834] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5834] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5833] <... futex resumed>) = 0 [pid 5833] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5833] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5833] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5834] <... futex resumed>) = 0 [pid 5833] <... mprotect resumed>) = 0 [pid 5834] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5833] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5834] <... mmap resumed>) = 0x20000000 [pid 5833] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5833] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5835]}, 88) = 5835 [pid 5833] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5835 attached [pid 5833] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5833] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5835] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5834] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5834] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5835] <... rseq resumed>) = 0 [pid 5835] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5835] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5835] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5833] <... futex resumed>) = ? [pid 5834] <... futex resumed>) = ? [pid 5835] +++ killed by SIGBUS +++ [pid 5834] +++ killed by SIGBUS +++ [pid 5833] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5833, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./268", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./268/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 102.809170][ T5834] syz-executor183[5834]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 102.834960][ T5834] loop0: detected capacity change from 0 to 2048 [ 102.846887][ T5834] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./268/binderfs") = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./268/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./268/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./268/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./268/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./268") = 0 mkdir("./269", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5836 attached , child_tidptr=0x555556218690) = 5836 [pid 5836] set_robust_list(0x5555562186a0, 24) = 0 [pid 5836] chdir("./269") = 0 [pid 5836] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5836] setpgid(0, 0) = 0 [pid 5836] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5836] write(3, "1000", 4) = 4 [pid 5836] close(3) = 0 [pid 5836] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5836] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5836] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5836] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5837 attached => {parent_tid=[5837]}, 88) = 5837 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5836] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5837] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5837] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5837] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5837] memfd_create("syzkaller", 0) = 3 [pid 5837] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5837] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5837] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5837] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5837] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5837] close(3) = 0 [pid 5837] mkdir("./file0", 0777) = 0 [pid 5837] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5837] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5837] chdir("./file0") = 0 [pid 5837] ioctl(4, LOOP_CLR_FD) = 0 [pid 5837] close(4) = 0 [pid 5837] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5837] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5837] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5836] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... open resumed>) = 4 [pid 5837] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5837] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5837] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5836] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5837] <... open resumed>) = 5 [pid 5837] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5836] <... futex resumed>) = 0 [pid 5837] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5837] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5836] <... futex resumed>) = 0 [pid 5837] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5836] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5837] <... mmap resumed>) = 0x20000000 [pid 5836] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5837] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5837] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5836] <... mprotect resumed>) = 0 [pid 5836] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5836] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5838]}, 88) = 5838 [pid 5836] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5836] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5836] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5838 attached [pid 5838] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5838] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5838] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5838] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5837] <... futex resumed>) = ? [pid 5837] +++ killed by SIGBUS +++ [pid 5836] <... futex resumed>) = ? [pid 5838] +++ killed by SIGBUS +++ [ 102.937848][ T5837] syz-executor183[5837]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 102.960544][ T5837] loop0: detected capacity change from 0 to 2048 [ 102.971742][ T5837] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5836] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5836, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./269", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./269/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./269/binderfs") = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./269/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./269/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./269/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./269/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./269") = 0 mkdir("./270", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5839 attached , child_tidptr=0x555556218690) = 5839 [pid 5839] set_robust_list(0x5555562186a0, 24) = 0 [pid 5839] chdir("./270") = 0 [pid 5839] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5839] setpgid(0, 0) = 0 [pid 5839] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5839] write(3, "1000", 4) = 4 [pid 5839] close(3) = 0 [pid 5839] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5839] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5839] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5839] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5840 attached => {parent_tid=[5840]}, 88) = 5840 [pid 5840] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5840] set_robust_list(0x7f3dc90769a0, 24 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5840] <... set_robust_list resumed>) = 0 [pid 5839] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] rt_sigprocmask(SIG_SETMASK, [], [pid 5839] <... futex resumed>) = 0 [pid 5840] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5839] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5840] memfd_create("syzkaller", 0) = 3 [pid 5840] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5840] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5840] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5840] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5840] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5840] close(3) = 0 [pid 5840] mkdir("./file0", 0777) = 0 [pid 5840] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5840] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5840] chdir("./file0") = 0 [pid 5840] ioctl(4, LOOP_CLR_FD) = 0 [pid 5840] close(4) = 0 [pid 5840] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5840] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5839] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... open resumed>) = 4 [pid 5840] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5839] <... futex resumed>) = 0 [pid 5840] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5839] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5840] <... open resumed>) = 5 [pid 5840] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5839] <... futex resumed>) = 0 [pid 5840] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5839] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5840] <... mmap resumed>) = 0x20000000 [pid 5839] <... futex resumed>) = 0 [pid 5839] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5839] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5839] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5839] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5841 attached [pid 5840] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5841] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5840] <... futex resumed>) = 0 [pid 5839] <... clone3 resumed> => {parent_tid=[5841]}, 88) = 5841 [pid 5841] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5840] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] rt_sigprocmask(SIG_SETMASK, [], [pid 5841] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5839] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5841] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5839] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5839] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5841] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5841] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5839] <... futex resumed>) = ? [pid 5840] <... futex resumed>) = ? [pid 5840] +++ killed by SIGBUS +++ [ 103.052582][ T5840] syz-executor183[5840]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 103.075677][ T5840] loop0: detected capacity change from 0 to 2048 [ 103.087196][ T5840] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5841] +++ killed by SIGBUS +++ [pid 5839] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5839, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./270", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./270/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./270/binderfs") = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./270/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./270/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./270/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./270/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./270") = 0 mkdir("./271", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached , child_tidptr=0x555556218690) = 5842 [pid 5842] set_robust_list(0x5555562186a0, 24) = 0 [pid 5842] chdir("./271") = 0 [pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5842] setpgid(0, 0) = 0 [pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5842] write(3, "1000", 4) = 4 [pid 5842] close(3) = 0 [pid 5842] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5842] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5842] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5842] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5843]}, 88) = 5843 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5842] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5842] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5843 attached [pid 5843] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5843] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5843] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5843] memfd_create("syzkaller", 0) = 3 [pid 5843] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5843] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5843] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5843] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5843] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5843] close(3) = 0 [pid 5843] mkdir("./file0", 0777) = 0 [pid 5843] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5843] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5843] chdir("./file0") = 0 [pid 5843] ioctl(4, LOOP_CLR_FD) = 0 [pid 5843] close(4) = 0 [pid 5843] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5843] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] <... futex resumed>) = 0 [pid 5842] <... futex resumed>) = 1 [pid 5843] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5842] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... open resumed>) = 4 [pid 5843] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5842] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5843] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5842] <... futex resumed>) = 0 [pid 5842] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] <... futex resumed>) = 1 [pid 5842] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5843] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5842] <... futex resumed>) = 0 [pid 5843] <... mmap resumed>) = 0x20000000 [pid 5842] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5842] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5843] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5843] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5842] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5844 attached [pid 5844] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5842] <... clone3 resumed> => {parent_tid=[5844]}, 88) = 5844 [pid 5844] <... rseq resumed>) = 0 [pid 5844] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5844] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5842] rt_sigprocmask(SIG_SETMASK, [], [pid 5844] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5842] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5842] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5844] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5842] <... futex resumed>) = 0 [pid 5844] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5842] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5843] <... futex resumed>) = ? [pid 5842] <... futex resumed>) = ? [pid 5843] +++ killed by SIGBUS +++ [pid 5844] +++ killed by SIGBUS +++ [pid 5842] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5842, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./271", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./271/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./271/binderfs") = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./271/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./271/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./271/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 [ 103.181310][ T5843] syz-executor183[5843]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 103.208665][ T5843] loop0: detected capacity change from 0 to 2048 [ 103.219071][ T5843] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(4) = 0 rmdir("./271/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./271") = 0 mkdir("./272", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5845 attached , child_tidptr=0x555556218690) = 5845 [pid 5845] set_robust_list(0x5555562186a0, 24) = 0 [pid 5845] chdir("./272") = 0 [pid 5845] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5845] setpgid(0, 0) = 0 [pid 5845] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5845] write(3, "1000", 4) = 4 [pid 5845] close(3) = 0 [pid 5845] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5845] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5845] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5845] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5846]}, 88) = 5846 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5845] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5845] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5846 attached [pid 5846] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5846] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5846] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5846] memfd_create("syzkaller", 0) = 3 [pid 5846] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5846] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5846] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5846] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5846] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5846] close(3) = 0 [pid 5846] mkdir("./file0", 0777) = 0 [pid 5846] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5846] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5846] chdir("./file0") = 0 [pid 5846] ioctl(4, LOOP_CLR_FD) = 0 [pid 5846] close(4) = 0 [pid 5846] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5846] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = 1 [pid 5846] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5845] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... open resumed>) = 4 [pid 5846] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5846] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] <... futex resumed>) = 0 [pid 5845] <... futex resumed>) = 1 [pid 5846] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5845] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5846] <... open resumed>) = 5 [pid 5846] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5845] <... futex resumed>) = 0 [pid 5846] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5845] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5846] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5845] <... futex resumed>) = 0 [pid 5846] <... mmap resumed>) = 0x20000000 [pid 5845] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5845] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5846] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5846] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5845] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5845] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5847 attached => {parent_tid=[5847]}, 88) = 5847 [pid 5847] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5845] rt_sigprocmask(SIG_SETMASK, [], [pid 5847] <... rseq resumed>) = 0 [pid 5845] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5847] set_robust_list(0x7f3dc0d559a0, 24 [pid 5845] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5847] <... set_robust_list resumed>) = 0 [pid 5847] rt_sigprocmask(SIG_SETMASK, [], [pid 5845] <... futex resumed>) = 0 [pid 5847] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5845] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5847] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5845] <... futex resumed>) = ? [pid 5846] <... futex resumed>) = ? [pid 5846] +++ killed by SIGBUS +++ [pid 5847] +++ killed by SIGBUS +++ [pid 5845] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5845, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./272", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./272/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./272/binderfs") = 0 [ 103.310468][ T5846] loop0: detected capacity change from 0 to 2048 [ 103.330123][ T5846] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./272/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./272/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./272/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./272/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./272") = 0 mkdir("./273", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5848 attached [pid 5848] set_robust_list(0x5555562186a0, 24) = 0 [pid 5848] chdir("./273" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5848 [pid 5848] <... chdir resumed>) = 0 [pid 5848] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5848] setpgid(0, 0) = 0 [pid 5848] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5848] write(3, "1000", 4) = 4 [pid 5848] close(3) = 0 [pid 5848] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5848] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5848] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5848] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5849]}, 88) = 5849 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5848] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5848] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5849 attached [pid 5849] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5849] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5849] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5849] memfd_create("syzkaller", 0) = 3 [pid 5849] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5849] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5849] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5849] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5849] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5849] close(3) = 0 [pid 5849] mkdir("./file0", 0777) = 0 [pid 5849] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5849] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5849] chdir("./file0") = 0 [pid 5849] ioctl(4, LOOP_CLR_FD) = 0 [pid 5849] close(4) = 0 [pid 5849] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5849] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] <... futex resumed>) = 0 [pid 5849] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5848] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] <... open resumed>) = 4 [pid 5849] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5849] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] <... futex resumed>) = 0 [pid 5849] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5848] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5849] <... open resumed>) = 5 [pid 5849] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5848] <... futex resumed>) = 0 [pid 5849] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5848] <... futex resumed>) = 0 [pid 5849] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5848] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5849] <... mmap resumed>) = 0x20000000 [pid 5848] <... futex resumed>) = 0 [pid 5849] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5848] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5849] <... futex resumed>) = 0 [pid 5848] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5849] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5848] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5848] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5848] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5850 attached => {parent_tid=[5850]}, 88) = 5850 [pid 5848] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5850] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5848] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5850] <... rseq resumed>) = 0 [pid 5848] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5850] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5850] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5850] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5849] <... futex resumed>) = ? [pid 5849] +++ killed by SIGBUS +++ [pid 5848] <... futex resumed>) = ? [pid 5850] +++ killed by SIGBUS +++ [pid 5848] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5848, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./273", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./273/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./273/binderfs") = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./273/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 103.420823][ T5849] loop0: detected capacity change from 0 to 2048 [ 103.432929][ T5849] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./273/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./273/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./273/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./273") = 0 mkdir("./274", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5851 attached [pid 5851] set_robust_list(0x5555562186a0, 24 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5851 [pid 5851] <... set_robust_list resumed>) = 0 [pid 5851] chdir("./274") = 0 [pid 5851] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5851] setpgid(0, 0) = 0 [pid 5851] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5851] write(3, "1000", 4) = 4 [pid 5851] close(3) = 0 [pid 5851] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5851] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5851] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5851] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5851] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5852 attached => {parent_tid=[5852]}, 88) = 5852 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], [pid 5852] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5851] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5852] <... rseq resumed>) = 0 [pid 5851] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5852] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5852] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5852] memfd_create("syzkaller", 0) = 3 [pid 5852] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5852] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5852] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5852] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5852] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5852] close(3) = 0 [pid 5852] mkdir("./file0", 0777) = 0 [pid 5852] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5852] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5852] chdir("./file0") = 0 [pid 5852] ioctl(4, LOOP_CLR_FD) = 0 [pid 5852] close(4) = 0 [pid 5852] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5852] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5851] <... futex resumed>) = 0 [pid 5851] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5851] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5852] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5852] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5852] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5851] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5851] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5852] <... futex resumed>) = 0 [pid 5851] <... futex resumed>) = 1 [pid 5852] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5851] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5851] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5853]}, 88) = 5853 [pid 5851] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5851] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5853 attached [pid 5853] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5851] <... futex resumed>) = 0 [pid 5853] <... rseq resumed>) = 0 [pid 5851] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5853] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5853] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5853] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5851] <... futex resumed>) = ? [pid 5852] <... futex resumed>) = ? [pid 5852] +++ killed by SIGBUS +++ [pid 5853] +++ killed by SIGBUS +++ [pid 5851] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5851, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=0} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./274", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./274/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 103.546138][ T5852] loop0: detected capacity change from 0 to 2048 [ 103.558203][ T5852] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./274/binderfs") = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./274/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./274/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./274/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./274/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./274") = 0 mkdir("./275", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5854 ./strace-static-x86_64: Process 5854 attached [pid 5854] set_robust_list(0x5555562186a0, 24) = 0 [pid 5854] chdir("./275") = 0 [pid 5854] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5854] setpgid(0, 0) = 0 [pid 5854] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5854] write(3, "1000", 4) = 4 [pid 5854] close(3) = 0 [pid 5854] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5854] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5854] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5854] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5854] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5855 attached => {parent_tid=[5855]}, 88) = 5855 [pid 5855] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], [pid 5855] set_robust_list(0x7f3dc90769a0, 24 [pid 5854] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5855] <... set_robust_list resumed>) = 0 [pid 5854] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] <... futex resumed>) = 0 [pid 5855] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5854] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5855] memfd_create("syzkaller", 0) = 3 [pid 5855] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5855] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5855] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5855] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5855] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5855] close(3) = 0 [pid 5855] mkdir("./file0", 0777) = 0 [pid 5855] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5855] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5855] chdir("./file0") = 0 [pid 5855] ioctl(4, LOOP_CLR_FD) = 0 [pid 5855] close(4) = 0 [pid 5855] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5854] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] <... open resumed>) = 4 [pid 5855] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] <... futex resumed>) = 1 [pid 5854] <... futex resumed>) = 0 [pid 5855] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5854] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5855] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... futex resumed>) = 0 [pid 5854] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5855] <... futex resumed>) = 1 [pid 5854] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5855] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5854] <... futex resumed>) = 0 [pid 5855] <... mmap resumed>) = 0x20000000 [pid 5854] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5854] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5855] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5854] <... mprotect resumed>) = 0 [pid 5855] <... futex resumed>) = 0 [pid 5855] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5854] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5854] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5856]}, 88) = 5856 [pid 5854] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5854] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5856 attached [pid 5856] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5854] <... futex resumed>) = 0 [pid 5856] <... rseq resumed>) = 0 [pid 5856] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5856] rt_sigprocmask(SIG_SETMASK, [], [pid 5854] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5856] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5856] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5855] <... futex resumed>) = ? [pid 5854] <... futex resumed>) = ? [pid 5856] +++ killed by SIGBUS +++ [pid 5855] +++ killed by SIGBUS +++ [pid 5854] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5854, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./275", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./275/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./275/binderfs") = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./275/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./275/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./275/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./275/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./275") = 0 [ 103.660705][ T5855] loop0: detected capacity change from 0 to 2048 [ 103.671931][ T5855] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./276", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5857 attached , child_tidptr=0x555556218690) = 5857 [pid 5857] set_robust_list(0x5555562186a0, 24) = 0 [pid 5857] chdir("./276") = 0 [pid 5857] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5857] setpgid(0, 0) = 0 [pid 5857] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5857] write(3, "1000", 4) = 4 [pid 5857] close(3) = 0 [pid 5857] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5857] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5857] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5857] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5858 attached [pid 5858] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5857] <... clone3 resumed> => {parent_tid=[5858]}, 88) = 5858 [pid 5858] <... rseq resumed>) = 0 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5858] set_robust_list(0x7f3dc90769a0, 24 [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5858] <... set_robust_list resumed>) = 0 [pid 5857] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] <... futex resumed>) = 0 [pid 5858] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5858] memfd_create("syzkaller", 0) = 3 [pid 5858] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5858] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5858] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5858] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5858] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5858] close(3) = 0 [pid 5858] mkdir("./file0", 0777) = 0 [pid 5858] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5858] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5858] chdir("./file0") = 0 [pid 5858] ioctl(4, LOOP_CLR_FD) = 0 [pid 5858] close(4) = 0 [pid 5858] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5857] <... futex resumed>) = 0 [pid 5858] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5858] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5857] <... futex resumed>) = 0 [pid 5858] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5857] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] <... open resumed>) = 4 [pid 5858] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5858] <... futex resumed>) = 1 [pid 5858] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5858] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] <... futex resumed>) = 0 [pid 5857] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5857] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5858] <... futex resumed>) = 1 [pid 5857] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5858] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0x7f3dc0d35000 [pid 5857] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5858] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5857] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5858] <... futex resumed>) = 0 [pid 5858] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5857] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5857] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5859 attached => {parent_tid=[5859]}, 88) = 5859 [pid 5859] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5857] rt_sigprocmask(SIG_SETMASK, [], [pid 5859] set_robust_list(0x7f3dc0d559a0, 24 [pid 5857] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5859] <... set_robust_list resumed>) = 0 [pid 5857] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5859] rt_sigprocmask(SIG_SETMASK, [], [pid 5857] <... futex resumed>) = 0 [pid 5859] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5857] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5859] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5858] <... futex resumed>) = ? [pid 5858] +++ killed by SIGBUS +++ [pid 5857] <... futex resumed>) = ? [pid 5859] +++ killed by SIGBUS +++ [pid 5857] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5857, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./276", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./276/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./276/binderfs") = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./276/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./276/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./276/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./276/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./276") = 0 mkdir("./277", 0777) = 0 [ 103.742649][ T5858] loop0: detected capacity change from 0 to 2048 [ 103.767587][ T5858] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5860 attached , child_tidptr=0x555556218690) = 5860 [pid 5860] set_robust_list(0x5555562186a0, 24) = 0 [pid 5860] chdir("./277") = 0 [pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5860] setpgid(0, 0) = 0 [pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5860] write(3, "1000", 4) = 4 [pid 5860] close(3) = 0 [pid 5860] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5860] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5860] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5860] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5861 attached => {parent_tid=[5861]}, 88) = 5861 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5861] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5861] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5861] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5861] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5861] <... futex resumed>) = 0 [pid 5860] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5861] memfd_create("syzkaller", 0) = 3 [pid 5861] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5861] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5861] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5861] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5861] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5861] close(3) = 0 [pid 5861] mkdir("./file0", 0777) = 0 [pid 5861] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5861] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5861] chdir("./file0") = 0 [pid 5861] ioctl(4, LOOP_CLR_FD) = 0 [pid 5861] close(4) = 0 [pid 5861] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5860] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] <... futex resumed>) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5860] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] <... open resumed>) = 4 [pid 5861] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... futex resumed>) = 0 [pid 5861] <... futex resumed>) = 1 [pid 5860] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5861] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5860] <... futex resumed>) = 0 [pid 5861] <... open resumed>) = 5 [pid 5860] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5861] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5860] <... futex resumed>) = 0 [pid 5861] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5860] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5860] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5860] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5861] <... mmap resumed>) = 0x20000000 [pid 5861] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5860] <... mprotect resumed>) = 0 [pid 5860] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5860] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5861] <... futex resumed>) = 0 [pid 5861] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5862 attached [pid 5860] <... clone3 resumed> => {parent_tid=[5862]}, 88) = 5862 [pid 5862] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5860] rt_sigprocmask(SIG_SETMASK, [], [pid 5862] set_robust_list(0x7f3dc0d559a0, 24 [pid 5860] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5862] <... set_robust_list resumed>) = 0 [pid 5860] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5862] rt_sigprocmask(SIG_SETMASK, [], [pid 5860] <... futex resumed>) = 0 [pid 5862] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5860] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5862] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5860] <... futex resumed>) = ? [pid 5861] <... futex resumed>) = ? [pid 5861] +++ killed by SIGBUS +++ [pid 5862] +++ killed by SIGBUS +++ [pid 5860] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5860, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./277", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./277/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./277/binderfs") = 0 [ 103.859646][ T5861] loop0: detected capacity change from 0 to 2048 [ 103.870162][ T5861] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./277/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./277/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./277/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./277/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./277") = 0 mkdir("./278", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5863 ./strace-static-x86_64: Process 5863 attached [pid 5863] set_robust_list(0x5555562186a0, 24) = 0 [pid 5863] chdir("./278") = 0 [pid 5863] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5863] setpgid(0, 0) = 0 [pid 5863] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5863] write(3, "1000", 4) = 4 [pid 5863] close(3) = 0 [pid 5863] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5863] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5863] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5863] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5863] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5864]}, 88) = 5864 ./strace-static-x86_64: Process 5864 attached [pid 5863] rt_sigprocmask(SIG_SETMASK, [], [pid 5864] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5864] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5863] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5864] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5863] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5864] memfd_create("syzkaller", 0) = 3 [pid 5864] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5864] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5864] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5864] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5864] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5864] close(3) = 0 [pid 5864] mkdir("./file0", 0777) = 0 [pid 5864] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5864] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5864] chdir("./file0") = 0 [pid 5864] ioctl(4, LOOP_CLR_FD) = 0 [pid 5864] close(4) = 0 [pid 5864] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5863] <... futex resumed>) = 0 [pid 5864] <... futex resumed>) = 1 [pid 5863] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5864] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5864] <... open resumed>) = 4 [pid 5864] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] <... futex resumed>) = 0 [pid 5863] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5864] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5864] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5863] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5863] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5864] <... futex resumed>) = 0 [pid 5864] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5863] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5863] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5865]}, 88) = 5865 [pid 5863] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5863] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5863] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5865 attached [pid 5865] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5865] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5865] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5865] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5863] <... futex resumed>) = ? [pid 5864] <... futex resumed>) = ? [pid 5865] +++ killed by SIGBUS +++ [pid 5864] +++ killed by SIGBUS +++ [pid 5863] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5863, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./278", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./278/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./278/binderfs") = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./278/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./278/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./278/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 103.976542][ T5864] loop0: detected capacity change from 0 to 2048 [ 103.988901][ T5864] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./278/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./278") = 0 mkdir("./279", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5866 ./strace-static-x86_64: Process 5866 attached [pid 5866] set_robust_list(0x5555562186a0, 24) = 0 [pid 5866] chdir("./279") = 0 [pid 5866] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5866] setpgid(0, 0) = 0 [pid 5866] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5866] write(3, "1000", 4) = 4 [pid 5866] close(3) = 0 [pid 5866] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5866] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5866] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5866] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5867 attached => {parent_tid=[5867]}, 88) = 5867 [pid 5867] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], [pid 5867] <... rseq resumed>) = 0 [pid 5866] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] set_robust_list(0x7f3dc90769a0, 24 [pid 5866] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... set_robust_list resumed>) = 0 [pid 5866] <... futex resumed>) = 0 [pid 5867] rt_sigprocmask(SIG_SETMASK, [], [pid 5866] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5867] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5867] memfd_create("syzkaller", 0) = 3 [pid 5867] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5867] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5867] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5867] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5867] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5867] close(3) = 0 [pid 5867] mkdir("./file0", 0777) = 0 [pid 5867] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5867] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5867] chdir("./file0") = 0 [pid 5867] ioctl(4, LOOP_CLR_FD) = 0 [pid 5867] close(4) = 0 [pid 5867] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5866] <... futex resumed>) = 0 [pid 5866] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] <... futex resumed>) = 1 [pid 5866] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5867] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5867] <... futex resumed>) = 0 [pid 5866] <... futex resumed>) = 1 [pid 5867] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5866] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5867] <... open resumed>) = 5 [pid 5867] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5866] <... futex resumed>) = 0 [pid 5867] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5866] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5867] <... mmap resumed>) = 0x20000000 [pid 5866] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5866] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5867] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5866] <... mprotect resumed>) = 0 [pid 5867] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5866] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5866] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5868 attached => {parent_tid=[5868]}, 88) = 5868 [pid 5866] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5866] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 104.077253][ T5867] loop0: detected capacity change from 0 to 2048 [ 104.090856][ T5867] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5866] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5868] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5868] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5868] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5868] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5867] <... futex resumed>) = ? [pid 5867] +++ killed by SIGBUS +++ [pid 5866] <... futex resumed>) = ? [pid 5868] +++ killed by SIGBUS +++ [pid 5866] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5866, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./279", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./279/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./279/binderfs") = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./279/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./279/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./279/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./279/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./279") = 0 mkdir("./280", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5869 attached , child_tidptr=0x555556218690) = 5869 [pid 5869] set_robust_list(0x5555562186a0, 24) = 0 [pid 5869] chdir("./280") = 0 [pid 5869] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5869] setpgid(0, 0) = 0 [pid 5869] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5869] write(3, "1000", 4) = 4 [pid 5869] close(3) = 0 [pid 5869] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5869] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5869] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5869] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5870 attached => {parent_tid=[5870]}, 88) = 5870 [pid 5870] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5869] rt_sigprocmask(SIG_SETMASK, [], [pid 5870] set_robust_list(0x7f3dc90769a0, 24 [pid 5869] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5870] <... set_robust_list resumed>) = 0 [pid 5870] rt_sigprocmask(SIG_SETMASK, [], [pid 5869] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5870] memfd_create("syzkaller", 0) = 3 [pid 5870] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5870] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5870] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5870] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5870] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5870] close(3) = 0 [pid 5870] mkdir("./file0", 0777) = 0 [pid 5870] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5870] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5870] chdir("./file0") = 0 [pid 5870] ioctl(4, LOOP_CLR_FD) = 0 [pid 5870] close(4) = 0 [pid 5870] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5870] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] <... futex resumed>) = 0 [pid 5870] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5869] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5870] <... futex resumed>) = 0 [pid 5870] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5870] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5870] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... futex resumed>) = 0 [pid 5869] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5870] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5870] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5869] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5869] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5870] <... mmap resumed>) = 0x20000000 [pid 5869] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5870] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5870] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] <... mprotect resumed>) = 0 [pid 5869] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5869] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5871 attached [pid 5871] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5871] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5871] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] <... clone3 resumed> => {parent_tid=[5871]}, 88) = 5871 [pid 5871] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5869] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5869] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5871] <... futex resumed>) = 0 [pid 5869] <... futex resumed>) = 1 [pid 5871] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5869] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5870] <... futex resumed>) = ? [pid 5870] +++ killed by SIGBUS +++ [pid 5871] +++ killed by SIGBUS +++ [pid 5869] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5869, si_uid=0, si_status=SIGBUS, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- umount2("./280", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./280/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./280/binderfs") = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./280/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./280/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./280/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./280/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./280") = 0 mkdir("./281", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 104.201272][ T5870] loop0: detected capacity change from 0 to 2048 [ 104.213539][ T5870] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5872 attached , child_tidptr=0x555556218690) = 5872 [pid 5872] set_robust_list(0x5555562186a0, 24) = 0 [pid 5872] chdir("./281") = 0 [pid 5872] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5872] setpgid(0, 0) = 0 [pid 5872] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5872] write(3, "1000", 4) = 4 [pid 5872] close(3) = 0 [pid 5872] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5872] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5872] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5872] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5872] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5873 attached [pid 5873] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5872] <... clone3 resumed> => {parent_tid=[5873]}, 88) = 5873 [pid 5873] <... rseq resumed>) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5873] set_robust_list(0x7f3dc90769a0, 24 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5873] <... set_robust_list resumed>) = 0 [pid 5872] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... futex resumed>) = 0 [pid 5873] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5873] memfd_create("syzkaller", 0) = 3 [pid 5873] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5873] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5873] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5873] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5873] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5873] close(3) = 0 [pid 5873] mkdir("./file0", 0777) = 0 [pid 5873] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5873] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5873] chdir("./file0") = 0 [pid 5873] ioctl(4, LOOP_CLR_FD) = 0 [pid 5873] close(4) = 0 [pid 5873] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5872] <... futex resumed>) = 0 [pid 5873] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5873] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5873] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5873] <... open resumed>) = 4 [pid 5873] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... futex resumed>) = 0 [pid 5872] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5873] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5873] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5872] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5873] <... futex resumed>) = 0 [pid 5873] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5873] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5872] <... futex resumed>) = 0 [pid 5873] <... futex resumed>) = 0 [pid 5872] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5873] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5872] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5872] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5872] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5872] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5874 attached [pid 5874] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5872] <... clone3 resumed> => {parent_tid=[5874]}, 88) = 5874 [pid 5874] <... rseq resumed>) = 0 [pid 5872] rt_sigprocmask(SIG_SETMASK, [], [pid 5874] set_robust_list(0x7f3dc0d559a0, 24 [pid 5872] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5874] <... set_robust_list resumed>) = 0 [pid 5872] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5874] rt_sigprocmask(SIG_SETMASK, [], [pid 5872] <... futex resumed>) = 0 [pid 5874] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5872] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5874] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5873] <... futex resumed>) = ? [pid 5872] <... futex resumed>) = ? [pid 5873] +++ killed by SIGBUS +++ [pid 5874] +++ killed by SIGBUS +++ [pid 5872] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5872, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./281", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 104.312915][ T5873] loop0: detected capacity change from 0 to 2048 [ 104.325225][ T5873] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./281/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./281/binderfs") = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./281/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./281/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./281/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./281/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./281") = 0 mkdir("./282", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5875 attached , child_tidptr=0x555556218690) = 5875 [pid 5875] set_robust_list(0x5555562186a0, 24) = 0 [pid 5875] chdir("./282") = 0 [pid 5875] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5875] setpgid(0, 0) = 0 [pid 5875] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5875] write(3, "1000", 4) = 4 [pid 5875] close(3) = 0 [pid 5875] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5875] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5875] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5875] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5876 attached [pid 5876] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5876] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5876] rt_sigprocmask(SIG_SETMASK, [], [pid 5875] <... clone3 resumed> => {parent_tid=[5876]}, 88) = 5876 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5876] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5875] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5876] memfd_create("syzkaller", 0) = 3 [pid 5876] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5876] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5876] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5876] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5876] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5876] close(3) = 0 [pid 5876] mkdir("./file0", 0777) = 0 [pid 5876] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5876] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5876] chdir("./file0") = 0 [pid 5876] ioctl(4, LOOP_CLR_FD) = 0 [pid 5876] close(4) = 0 [pid 5876] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5876] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] <... futex resumed>) = 0 [pid 5876] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5875] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] <... open resumed>) = 4 [pid 5876] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5876] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5875] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5876] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5875] <... futex resumed>) = 0 [pid 5876] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5875] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5876] <... open resumed>) = 5 [pid 5876] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5875] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5875] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5875] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5875] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5876] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5877] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5875] <... clone3 resumed> => {parent_tid=[5877]}, 88) = 5877 [pid 5877] <... rseq resumed>) = 0 [pid 5876] <... mmap resumed>) = 0x20000000 [pid 5875] rt_sigprocmask(SIG_SETMASK, [], [pid 5877] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5875] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5877] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5875] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5877] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5875] <... futex resumed>) = 0 [pid 5875] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5877] +++ killed by SIGBUS +++ [pid 5876] +++ killed by SIGBUS +++ [pid 5875] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5875, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./282", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./282/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./282/binderfs") = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./282/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./282/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./282/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./282/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./282") = 0 mkdir("./283", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached , child_tidptr=0x555556218690) = 5878 [pid 5878] set_robust_list(0x5555562186a0, 24) = 0 [ 104.427999][ T5876] loop0: detected capacity change from 0 to 2048 [ 104.439590][ T5876] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5878] chdir("./283") = 0 [pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5878] setpgid(0, 0) = 0 [pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5878] write(3, "1000", 4) = 4 [pid 5878] close(3) = 0 [pid 5878] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5878] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5878] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5878] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5878] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5878] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5878] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5878] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5879 attached [pid 5879] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5878] <... clone3 resumed> => {parent_tid=[5879]}, 88) = 5879 [pid 5879] <... rseq resumed>) = 0 [pid 5878] rt_sigprocmask(SIG_SETMASK, [], [pid 5879] set_robust_list(0x7f3dc90769a0, 24 [pid 5878] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5879] <... set_robust_list resumed>) = 0 [pid 5878] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5878] <... futex resumed>) = 0 [pid 5879] memfd_create("syzkaller", 0 [pid 5878] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5879] <... memfd_create resumed>) = 3 [pid 5879] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5879] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5879] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5879] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5879] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5879] close(3) = 0 [pid 5879] mkdir("./file0", 0777) = 0 [pid 5879] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5879] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5879] chdir("./file0") = 0 [pid 5879] ioctl(4, LOOP_CLR_FD) = 0 [pid 5879] close(4) = 0 [pid 5879] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5879] <... futex resumed>) = 0 [pid 5879] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5878] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5879] <... open resumed>) = 4 [pid 5879] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5878] <... futex resumed>) = 0 [pid 5879] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5878] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... open resumed>) = 5 [pid 5878] <... futex resumed>) = 0 [pid 5879] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5879] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5878] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5878] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5878] <... futex resumed>) = 1 [pid 5878] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5879] <... futex resumed>) = 0 [pid 5879] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5879] +++ killed by SIGBUS +++ [pid 5878] <... futex resumed>) = ? [pid 5878] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5878, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./283", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./283/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./283/binderfs") = 0 [ 104.513826][ T5879] loop0: detected capacity change from 0 to 2048 [ 104.529678][ T5879] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./283/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./283/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./283/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./283/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./283") = 0 mkdir("./284", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5880 ./strace-static-x86_64: Process 5880 attached [pid 5880] set_robust_list(0x5555562186a0, 24) = 0 [pid 5880] chdir("./284") = 0 [pid 5880] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5880] setpgid(0, 0) = 0 [pid 5880] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5880] write(3, "1000", 4) = 4 [pid 5880] close(3) = 0 [pid 5880] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5880] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5880] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5880] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5881 attached [pid 5881] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5880] <... clone3 resumed> => {parent_tid=[5881]}, 88) = 5881 [pid 5881] <... rseq resumed>) = 0 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5881] set_robust_list(0x7f3dc90769a0, 24 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5881] <... set_robust_list resumed>) = 0 [pid 5880] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5881] memfd_create("syzkaller", 0 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5881] <... memfd_create resumed>) = 3 [pid 5881] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5881] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5881] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5881] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5881] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5881] close(3) = 0 [pid 5881] mkdir("./file0", 0777) = 0 [pid 5881] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5881] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5881] chdir("./file0") = 0 [pid 5881] ioctl(4, LOOP_CLR_FD) = 0 [pid 5881] close(4) = 0 [pid 5881] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5881] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5880] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5881] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5880] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5881] <... open resumed>) = 5 [pid 5881] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5881] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5880] <... futex resumed>) = 0 [pid 5880] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5880] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5881] <... mmap resumed>) = 0x20000000 [pid 5881] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5881] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5880] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5880] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5880] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5880] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5882 attached => {parent_tid=[5882]}, 88) = 5882 [pid 5882] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5880] rt_sigprocmask(SIG_SETMASK, [], [pid 5882] <... rseq resumed>) = 0 [pid 5880] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] set_robust_list(0x7f3dc0d559a0, 24 [pid 5880] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5882] <... set_robust_list resumed>) = 0 [ 104.639304][ T5881] loop0: detected capacity change from 0 to 2048 [ 104.650581][ T5881] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5880] <... futex resumed>) = 0 [pid 5882] rt_sigprocmask(SIG_SETMASK, [], [pid 5880] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5882] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5882] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5881] <... futex resumed>) = ? [pid 5881] +++ killed by SIGBUS +++ [pid 5880] <... futex resumed>) = ? [pid 5882] +++ killed by SIGBUS +++ [pid 5880] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5880, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./284", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./284/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./284/binderfs") = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./284/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./284/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./284/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./284/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./284") = 0 mkdir("./285", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5883 attached , child_tidptr=0x555556218690) = 5883 [pid 5883] set_robust_list(0x5555562186a0, 24) = 0 [pid 5883] chdir("./285") = 0 [pid 5883] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5883] setpgid(0, 0) = 0 [pid 5883] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5883] write(3, "1000", 4) = 4 [pid 5883] close(3) = 0 [pid 5883] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5883] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5883] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5883] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5883] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5883] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5884]}, 88) = 5884 [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5883] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5884 attached [pid 5884] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5884] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5884] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5884] memfd_create("syzkaller", 0) = 3 [pid 5884] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5884] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5884] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5884] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5884] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5884] close(3) = 0 [pid 5884] mkdir("./file0", 0777) = 0 [pid 5884] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5884] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5884] chdir("./file0") = 0 [pid 5884] ioctl(4, LOOP_CLR_FD) = 0 [pid 5884] close(4) = 0 [pid 5884] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5884] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5884] <... futex resumed>) = 0 [pid 5884] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5883] <... futex resumed>) = 1 [pid 5883] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... open resumed>) = 4 [pid 5884] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5884] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5883] <... futex resumed>) = 0 [pid 5883] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5883] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5883] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5884] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< {parent_tid=[5885]}, 88) = 5885 ./strace-static-x86_64: Process 5885 attached [pid 5883] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5883] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5884] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5883] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5884] <... futex resumed>) = 0 [pid 5884] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5885] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5885] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5885] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5885] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5883] <... futex resumed>) = ? [pid 5885] +++ killed by SIGBUS +++ [pid 5884] <... futex resumed>) = ? [pid 5884] +++ killed by SIGBUS +++ [pid 5883] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5883, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./285", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./285/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./285/binderfs") = 0 [ 104.769796][ T5884] loop0: detected capacity change from 0 to 2048 [ 104.782478][ T5884] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./285/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./285/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./285/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./285/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./285") = 0 mkdir("./286", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5886 attached , child_tidptr=0x555556218690) = 5886 [pid 5886] set_robust_list(0x5555562186a0, 24) = 0 [pid 5886] chdir("./286") = 0 [pid 5886] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5886] setpgid(0, 0) = 0 [pid 5886] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5886] write(3, "1000", 4) = 4 [pid 5886] close(3) = 0 [pid 5886] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5886] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5886] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5886] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5886] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5887]}, 88) = 5887 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5886] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 5887 attached [pid 5886] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5887] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5887] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5887] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5887] memfd_create("syzkaller", 0) = 3 [pid 5887] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5887] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5887] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5887] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5887] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5887] close(3) = 0 [pid 5887] mkdir("./file0", 0777) = 0 [pid 5887] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5887] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5887] chdir("./file0") = 0 [pid 5887] ioctl(4, LOOP_CLR_FD) = 0 [pid 5887] close(4) = 0 [pid 5887] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5887] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] <... futex resumed>) = 0 [pid 5887] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5886] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... open resumed>) = 4 [pid 5887] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5887] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] <... futex resumed>) = 0 [pid 5887] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5886] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5887] <... open resumed>) = 5 [pid 5887] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5886] <... futex resumed>) = 0 [pid 5887] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5886] <... futex resumed>) = 0 [pid 5887] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5886] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5887] <... mmap resumed>) = 0x20000000 [pid 5886] <... futex resumed>) = 0 [pid 5886] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5887] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5886] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5887] <... futex resumed>) = 0 [pid 5887] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5886] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5886] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5886] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5888 attached => {parent_tid=[5888]}, 88) = 5888 [pid 5888] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5886] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5888] <... rseq resumed>) = 0 [pid 5886] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5888] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5888] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5888] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5887] <... futex resumed>) = ? [pid 5886] <... futex resumed>) = ? [pid 5888] +++ killed by SIGBUS +++ [pid 5887] +++ killed by SIGBUS +++ [pid 5886] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5886, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./286", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./286/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./286/binderfs") = 0 [ 104.876950][ T5887] loop0: detected capacity change from 0 to 2048 [ 104.889741][ T5887] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./286/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./286/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./286/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./286/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./286") = 0 mkdir("./287", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5889 ./strace-static-x86_64: Process 5889 attached [pid 5889] set_robust_list(0x5555562186a0, 24) = 0 [pid 5889] chdir("./287") = 0 [pid 5889] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5889] setpgid(0, 0) = 0 [pid 5889] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5889] write(3, "1000", 4) = 4 [pid 5889] close(3) = 0 [pid 5889] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5889] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5889] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5889] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5890 attached [pid 5890] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5890] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5890] rt_sigprocmask(SIG_SETMASK, [], [pid 5889] <... clone3 resumed> => {parent_tid=[5890]}, 88) = 5890 [pid 5890] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] rt_sigprocmask(SIG_SETMASK, [], [pid 5890] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5889] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 0 [pid 5889] <... futex resumed>) = 1 [pid 5890] memfd_create("syzkaller", 0 [pid 5889] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5890] <... memfd_create resumed>) = 3 [pid 5890] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5890] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5890] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5890] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5890] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5890] close(3) = 0 [pid 5890] mkdir("./file0", 0777) = 0 [pid 5890] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5890] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5890] chdir("./file0") = 0 [pid 5890] ioctl(4, LOOP_CLR_FD) = 0 [pid 5890] close(4) = 0 [pid 5890] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5890] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5889] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] <... futex resumed>) = 0 [pid 5890] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5890] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5890] <... futex resumed>) = 1 [pid 5889] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5889] <... futex resumed>) = 0 [pid 5890] <... open resumed>) = 5 [pid 5889] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5890] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5889] <... futex resumed>) = 0 [pid 5889] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5890] <... futex resumed>) = 1 [pid 5889] <... futex resumed>) = 0 [pid 5890] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5889] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5890] <... mmap resumed>) = 0x20000000 [pid 5889] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5889] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5889] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5891 attached [pid 5890] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] <... clone3 resumed> => {parent_tid=[5891]}, 88) = 5891 [pid 5890] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5889] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5889] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5889] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5891] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5891] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5891] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5891] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5889] <... futex resumed>) = ? [pid 5890] <... futex resumed>) = ? [pid 5890] +++ killed by SIGBUS +++ [pid 5891] +++ killed by SIGBUS +++ [pid 5889] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5889, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./287", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./287/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./287/binderfs") = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./287/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./287/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./287/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./287/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./287") = 0 mkdir("./288", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 104.983811][ T5890] loop0: detected capacity change from 0 to 2048 [ 104.995276][ T5890] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5892 ./strace-static-x86_64: Process 5892 attached [pid 5892] set_robust_list(0x5555562186a0, 24) = 0 [pid 5892] chdir("./288") = 0 [pid 5892] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5892] setpgid(0, 0) = 0 [pid 5892] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5892] write(3, "1000", 4) = 4 [pid 5892] close(3) = 0 [pid 5892] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5892] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5892] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5892] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5893]}, 88) = 5893 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5893 attached NULL, 8) = 0 [pid 5892] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5893] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5893] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5893] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5893] memfd_create("syzkaller", 0) = 3 [pid 5893] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5893] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5893] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5893] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5893] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5893] close(3) = 0 [pid 5893] mkdir("./file0", 0777) = 0 [pid 5893] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5893] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5893] chdir("./file0") = 0 [pid 5893] ioctl(4, LOOP_CLR_FD) = 0 [pid 5893] close(4) = 0 [pid 5893] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... futex resumed>) = 1 [pid 5893] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5893] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] <... futex resumed>) = 1 [pid 5893] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5893] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5892] <... futex resumed>) = 0 [pid 5892] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5892] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5893] <... futex resumed>) = 1 [pid 5892] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5893] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<[], 8) = 0 [pid 5892] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5894 attached => {parent_tid=[5894]}, 88) = 5894 [pid 5892] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5892] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5892] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5893] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5893] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5894] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5894] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5894] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5894] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5892] <... futex resumed>) = ? [pid 5894] +++ killed by SIGBUS +++ [pid 5893] <... futex resumed>) = ? [pid 5893] +++ killed by SIGBUS +++ [pid 5892] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5892, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./288", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./288/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./288/binderfs") = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./288/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./288/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./288/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 105.088323][ T5893] loop0: detected capacity change from 0 to 2048 [ 105.100171][ T5893] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./288/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./288") = 0 mkdir("./289", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5895 attached , child_tidptr=0x555556218690) = 5895 [pid 5895] set_robust_list(0x5555562186a0, 24) = 0 [pid 5895] chdir("./289") = 0 [pid 5895] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5895] setpgid(0, 0) = 0 [pid 5895] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5895] write(3, "1000", 4) = 4 [pid 5895] close(3) = 0 [pid 5895] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5895] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5895] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5895] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5896 attached [pid 5896] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5895] <... clone3 resumed> => {parent_tid=[5896]}, 88) = 5896 [pid 5896] <... rseq resumed>) = 0 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5896] set_robust_list(0x7f3dc90769a0, 24 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5896] <... set_robust_list resumed>) = 0 [pid 5895] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... futex resumed>) = 0 [pid 5896] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5896] memfd_create("syzkaller", 0) = 3 [pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5896] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5896] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5896] close(3) = 0 [pid 5896] mkdir("./file0", 0777) = 0 [pid 5896] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5896] chdir("./file0") = 0 [pid 5896] ioctl(4, LOOP_CLR_FD) = 0 [pid 5896] close(4) = 0 [pid 5896] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5895] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] <... futex resumed>) = 1 [pid 5896] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5896] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5895] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5896] <... futex resumed>) = 1 [pid 5896] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5896] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] <... futex resumed>) = 0 [pid 5895] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5895] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5896] <... futex resumed>) = 1 [pid 5895] <... futex resumed>) = 0 [pid 5895] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5896] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5895] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5896] <... mmap resumed>) = 0x20000000 [pid 5895] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5895] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5895] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5897 attached => {parent_tid=[5897]}, 88) = 5897 [pid 5897] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5896] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5895] rt_sigprocmask(SIG_SETMASK, [], [pid 5897] <... rseq resumed>) = 0 [pid 5896] <... futex resumed>) = 0 [pid 5895] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5897] set_robust_list(0x7f3dc0d559a0, 24 [pid 5896] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5895] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5897] <... set_robust_list resumed>) = 0 [pid 5897] rt_sigprocmask(SIG_SETMASK, [], [pid 5895] <... futex resumed>) = 0 [pid 5897] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5895] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5897] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5896] <... futex resumed>) = ? [pid 5896] +++ killed by SIGBUS +++ [pid 5895] <... futex resumed>) = ? [pid 5897] +++ killed by SIGBUS +++ [pid 5895] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5895, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./289", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./289/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./289/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./289/binderfs") = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.191512][ T5896] loop0: detected capacity change from 0 to 2048 [ 105.205142][ T5896] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./289/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./289/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./289/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./289/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./289") = 0 mkdir("./290", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5898 ./strace-static-x86_64: Process 5898 attached [pid 5898] set_robust_list(0x5555562186a0, 24) = 0 [pid 5898] chdir("./290") = 0 [pid 5898] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5898] setpgid(0, 0) = 0 [pid 5898] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5898] write(3, "1000", 4) = 4 [pid 5898] close(3) = 0 [pid 5898] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5898] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5898] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5898] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5899 attached => {parent_tid=[5899]}, 88) = 5899 [pid 5899] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5899] set_robust_list(0x7f3dc90769a0, 24 [pid 5898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5899] <... set_robust_list resumed>) = 0 [pid 5898] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] <... futex resumed>) = 0 [pid 5899] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5898] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5899] memfd_create("syzkaller", 0) = 3 [pid 5899] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5899] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5899] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5899] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5899] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5899] close(3) = 0 [pid 5899] mkdir("./file0", 0777) = 0 [pid 5899] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5899] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5899] chdir("./file0") = 0 [pid 5899] ioctl(4, LOOP_CLR_FD) = 0 [pid 5899] close(4) = 0 [pid 5899] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5898] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5898] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] <... futex resumed>) = 1 [pid 5899] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5899] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 0 [pid 5899] <... futex resumed>) = 1 [pid 5899] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] <... futex resumed>) = 0 [pid 5899] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5899] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5898] <... futex resumed>) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5898] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5899] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5898] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5899] <... futex resumed>) = 0 [pid 5898] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5899] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5898] <... futex resumed>) = 0 [pid 5899] <... mmap resumed>) = 0x20000000 [pid 5898] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5898] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5899] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5899] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5898] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5898] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5900 attached => {parent_tid=[5900]}, 88) = 5900 [pid 5900] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5898] rt_sigprocmask(SIG_SETMASK, [], [pid 5900] set_robust_list(0x7f3dc0d559a0, 24 [pid 5898] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5900] <... set_robust_list resumed>) = 0 [pid 5898] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5900] rt_sigprocmask(SIG_SETMASK, [], [pid 5898] <... futex resumed>) = 0 [pid 5900] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5898] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5900] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5899] <... futex resumed>) = ? [pid 5899] +++ killed by SIGBUS +++ [pid 5898] <... futex resumed>) = ? [pid 5900] +++ killed by SIGBUS +++ [pid 5898] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5898, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./290", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./290/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./290/binderfs") = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./290/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./290/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./290/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 105.307074][ T5899] loop0: detected capacity change from 0 to 2048 [ 105.319580][ T5899] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./290/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./290") = 0 mkdir("./291", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5901 attached , child_tidptr=0x555556218690) = 5901 [pid 5901] set_robust_list(0x5555562186a0, 24) = 0 [pid 5901] chdir("./291") = 0 [pid 5901] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5901] setpgid(0, 0) = 0 [pid 5901] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5901] write(3, "1000", 4) = 4 [pid 5901] close(3) = 0 [pid 5901] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5901] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5901] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5901] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5902 attached => {parent_tid=[5902]}, 88) = 5902 [pid 5902] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5902] set_robust_list(0x7f3dc90769a0, 24 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5902] <... set_robust_list resumed>) = 0 [pid 5901] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5902] rt_sigprocmask(SIG_SETMASK, [], [pid 5901] <... futex resumed>) = 0 [pid 5902] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5902] memfd_create("syzkaller", 0) = 3 [pid 5902] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5902] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5902] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5902] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5902] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5902] close(3) = 0 [pid 5902] mkdir("./file0", 0777) = 0 [pid 5902] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5902] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5902] chdir("./file0") = 0 [pid 5902] ioctl(4, LOOP_CLR_FD) = 0 [pid 5902] close(4) = 0 [pid 5902] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5902] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5901] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] <... open resumed>) = 4 [pid 5902] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5902] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5901] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5901] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5901] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5901] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5903 attached [pid 5902] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< => {parent_tid=[5903]}, 88) = 5903 [pid 5901] rt_sigprocmask(SIG_SETMASK, [], [pid 5903] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5901] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5901] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5903] <... rseq resumed>) = 0 [pid 5903] set_robust_list(0x7f3dc0d559a0, 24 [pid 5901] <... futex resumed>) = 0 [pid 5901] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5902] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5902] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5903] <... set_robust_list resumed>) = 0 [pid 5903] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5903] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5901] <... futex resumed>) = ? [pid 5902] <... futex resumed>) = ? [pid 5902] +++ killed by SIGBUS +++ [pid 5903] +++ killed by SIGBUS +++ [pid 5901] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5901, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./291", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./291/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./291/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./291/binderfs") = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 105.401296][ T5902] loop0: detected capacity change from 0 to 2048 [ 105.412326][ T5902] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./291/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./291/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./291/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./291/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./291") = 0 mkdir("./292", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5904 attached , child_tidptr=0x555556218690) = 5904 [pid 5904] set_robust_list(0x5555562186a0, 24) = 0 [pid 5904] chdir("./292") = 0 [pid 5904] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5904] setpgid(0, 0) = 0 [pid 5904] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5904] write(3, "1000", 4) = 4 [pid 5904] close(3) = 0 [pid 5904] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5904] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5904] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5904] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5904] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5905 attached => {parent_tid=[5905]}, 88) = 5905 [pid 5905] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5905] <... rseq resumed>) = 0 [pid 5905] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5905] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5905] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5904] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5904] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5905] memfd_create("syzkaller", 0) = 3 [pid 5905] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5905] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5905] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5905] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5905] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5905] close(3) = 0 [pid 5905] mkdir("./file0", 0777) = 0 [pid 5905] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5905] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5905] chdir("./file0") = 0 [pid 5905] ioctl(4, LOOP_CLR_FD) = 0 [pid 5905] close(4) = 0 [pid 5905] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] <... futex resumed>) = 0 [pid 5905] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5904] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... open resumed>) = 4 [pid 5905] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5904] <... futex resumed>) = 0 [pid 5905] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5905] <... futex resumed>) = 0 [pid 5905] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5904] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5905] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5904] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... futex resumed>) = 0 [pid 5904] <... futex resumed>) = 1 [pid 5905] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5904] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5905] <... mmap resumed>) = 0x20000000 [pid 5904] <... futex resumed>) = 0 [pid 5905] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5904] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5905] <... futex resumed>) = 0 [pid 5904] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5905] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5904] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5904] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5904] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5906 attached [pid 5906] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5904] <... clone3 resumed> => {parent_tid=[5906]}, 88) = 5906 [pid 5906] <... rseq resumed>) = 0 [pid 5904] rt_sigprocmask(SIG_SETMASK, [], [pid 5906] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5904] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5906] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5904] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5906] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5904] <... futex resumed>) = 0 [pid 5904] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5905] <... futex resumed>) = ? [pid 5904] <... futex resumed>) = ? [pid 5905] +++ killed by SIGBUS +++ [pid 5906] +++ killed by SIGBUS +++ [pid 5904] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5904, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./292", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./292/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./292/binderfs") = 0 [ 105.502524][ T5905] loop0: detected capacity change from 0 to 2048 [ 105.512974][ T5905] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./292/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./292/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./292/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./292/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./292") = 0 mkdir("./293", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5907 attached , child_tidptr=0x555556218690) = 5907 [pid 5907] set_robust_list(0x5555562186a0, 24) = 0 [pid 5907] chdir("./293") = 0 [pid 5907] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5907] setpgid(0, 0) = 0 [pid 5907] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5907] write(3, "1000", 4) = 4 [pid 5907] close(3) = 0 [pid 5907] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5907] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5907] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5907] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5908 attached => {parent_tid=[5908]}, 88) = 5908 [pid 5908] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], [pid 5908] <... rseq resumed>) = 0 [pid 5907] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5908] set_robust_list(0x7f3dc90769a0, 24 [pid 5907] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... set_robust_list resumed>) = 0 [pid 5908] rt_sigprocmask(SIG_SETMASK, [], [pid 5907] <... futex resumed>) = 0 [pid 5908] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5907] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5908] memfd_create("syzkaller", 0) = 3 [pid 5908] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5908] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5908] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5908] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5908] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5908] close(3) = 0 [pid 5908] mkdir("./file0", 0777) = 0 [pid 5908] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5908] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5908] chdir("./file0") = 0 [pid 5908] ioctl(4, LOOP_CLR_FD) = 0 [pid 5908] close(4) = 0 [pid 5908] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = 0 [pid 5908] <... futex resumed>) = 1 [pid 5907] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5907] <... futex resumed>) = 0 [pid 5908] <... open resumed>) = 4 [pid 5907] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5908] <... futex resumed>) = 0 [pid 5907] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5907] <... futex resumed>) = 0 [pid 5907] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5908] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5907] <... futex resumed>) = 0 [pid 5908] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5907] <... futex resumed>) = 0 [pid 5908] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5907] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5908] <... mmap resumed>) = 0x20000000 [pid 5907] <... futex resumed>) = 0 [pid 5907] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5907] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5908] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5907] <... mprotect resumed>) = 0 [pid 5908] <... futex resumed>) = 0 [pid 5908] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5907] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5907] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5909]}, 88) = 5909 [pid 5907] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5907] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5907] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5909 attached [pid 5909] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5909] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5909] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5909] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5908] <... futex resumed>) = ? [pid 5909] +++ killed by SIGBUS +++ [pid 5908] +++ killed by SIGBUS +++ [pid 5907] <... futex resumed>) = ? [pid 5907] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5907, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./293", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./293/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./293/binderfs") = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./293/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 105.599869][ T5908] loop0: detected capacity change from 0 to 2048 [ 105.611256][ T5908] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./293/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./293/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./293/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./293") = 0 mkdir("./294", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5910 attached , child_tidptr=0x555556218690) = 5910 [pid 5910] set_robust_list(0x5555562186a0, 24) = 0 [pid 5910] chdir("./294") = 0 [pid 5910] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5910] setpgid(0, 0) = 0 [pid 5910] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5910] write(3, "1000", 4) = 4 [pid 5910] close(3) = 0 [pid 5910] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5910] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5910] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5910] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5910] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5910] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5911 attached => {parent_tid=[5911]}, 88) = 5911 [pid 5911] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], [pid 5911] <... rseq resumed>) = 0 [pid 5910] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] set_robust_list(0x7f3dc90769a0, 24 [pid 5910] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] <... set_robust_list resumed>) = 0 [pid 5910] <... futex resumed>) = 0 [pid 5911] rt_sigprocmask(SIG_SETMASK, [], [pid 5910] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5911] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5911] memfd_create("syzkaller", 0) = 3 [pid 5911] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5911] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5911] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5911] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5911] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5911] close(3) = 0 [pid 5911] mkdir("./file0", 0777) = 0 [pid 5911] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5911] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5911] chdir("./file0") = 0 [pid 5911] ioctl(4, LOOP_CLR_FD) = 0 [pid 5911] close(4) = 0 [pid 5911] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] <... futex resumed>) = 1 [pid 5911] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5911] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5911] <... futex resumed>) = 1 [pid 5910] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5911] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5910] <... futex resumed>) = 0 [pid 5911] <... open resumed>) = 5 [pid 5910] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5911] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5910] <... futex resumed>) = 0 [pid 5910] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5911] <... futex resumed>) = 1 [pid 5910] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5911] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5911] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5911] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5910] <... clone3 resumed> => {parent_tid=[5912]}, 88) = 5912 [pid 5910] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5910] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5910] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5912] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5912] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5912] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5912] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5911] <... futex resumed>) = ? [pid 5911] +++ killed by SIGBUS +++ [pid 5912] +++ killed by SIGBUS +++ [pid 5910] <... futex resumed>) = ? [pid 5910] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5910, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./294", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./294/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./294/binderfs") = 0 [ 105.713797][ T5911] loop0: detected capacity change from 0 to 2048 [ 105.727568][ T5911] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./294/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./294/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./294/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./294/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./294") = 0 mkdir("./295", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5913 ./strace-static-x86_64: Process 5913 attached [pid 5913] set_robust_list(0x5555562186a0, 24) = 0 [pid 5913] chdir("./295") = 0 [pid 5913] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5913] setpgid(0, 0) = 0 [pid 5913] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5913] write(3, "1000", 4) = 4 [pid 5913] close(3) = 0 [pid 5913] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5913] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5913] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5913] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5914 attached => {parent_tid=[5914]}, 88) = 5914 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5914] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5914] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5914] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5914] memfd_create("syzkaller", 0) = 3 [pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5914] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5914] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5914] close(3) = 0 [pid 5914] mkdir("./file0", 0777) = 0 [pid 5914] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5914] chdir("./file0") = 0 [pid 5914] ioctl(4, LOOP_CLR_FD) = 0 [pid 5914] close(4) = 0 [pid 5914] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5914] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5913] <... futex resumed>) = 0 [pid 5914] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5913] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] <... open resumed>) = 4 [pid 5914] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5913] <... futex resumed>) = 0 [pid 5914] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5913] <... futex resumed>) = 0 [pid 5914] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5913] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5914] <... open resumed>) = 5 [pid 5914] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] <... futex resumed>) = 0 [pid 5914] <... futex resumed>) = 1 [pid 5913] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5914] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5913] <... futex resumed>) = 0 [pid 5913] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5914] <... mmap resumed>) = 0x20000000 [pid 5913] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5914] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5913] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5914] <... futex resumed>) = 0 [pid 5913] <... mprotect resumed>) = 0 [pid 5914] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5913] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5913] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5915]}, 88) = 5915 [pid 5913] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5913] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5913] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5915 attached [pid 5915] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5915] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5915] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5915] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5914] <... futex resumed>) = ? [pid 5913] <... futex resumed>) = ? [pid 5915] +++ killed by SIGBUS +++ [pid 5914] +++ killed by SIGBUS +++ [pid 5913] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5913, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./295", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./295/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./295/binderfs") = 0 [ 105.817929][ T5914] loop0: detected capacity change from 0 to 2048 [ 105.829168][ T5914] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./295/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./295/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./295/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./295/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./295") = 0 mkdir("./296", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5916 ./strace-static-x86_64: Process 5916 attached [pid 5916] set_robust_list(0x5555562186a0, 24) = 0 [pid 5916] chdir("./296") = 0 [pid 5916] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5916] setpgid(0, 0) = 0 [pid 5916] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5916] write(3, "1000", 4) = 4 [pid 5916] close(3) = 0 [pid 5916] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5916] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5916] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5916] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5917 attached => {parent_tid=[5917]}, 88) = 5917 [pid 5917] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5917] <... rseq resumed>) = 0 [pid 5917] set_robust_list(0x7f3dc90769a0, 24 [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5917] <... set_robust_list resumed>) = 0 [pid 5916] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] rt_sigprocmask(SIG_SETMASK, [], [pid 5916] <... futex resumed>) = 0 [pid 5917] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5916] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5917] memfd_create("syzkaller", 0) = 3 [pid 5917] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5917] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5917] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5917] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5917] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5917] close(3) = 0 [pid 5917] mkdir("./file0", 0777) = 0 [pid 5917] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5917] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5917] chdir("./file0") = 0 [pid 5917] ioctl(4, LOOP_CLR_FD) = 0 [pid 5917] close(4) = 0 [pid 5917] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5916] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... futex resumed>) = 1 [pid 5917] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5917] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5917] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5916] <... futex resumed>) = 0 [pid 5917] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5916] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5917] <... open resumed>) = 5 [pid 5917] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5916] <... futex resumed>) = 0 [pid 5916] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... futex resumed>) = 1 [pid 5916] <... futex resumed>) = 0 [pid 5917] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5916] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5917] <... mmap resumed>) = 0x20000000 [pid 5916] <... futex resumed>) = 0 [pid 5916] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5916] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5917] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5917] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5916] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5916] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5918 attached [pid 5918] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5916] <... clone3 resumed> => {parent_tid=[5918]}, 88) = 5918 [pid 5918] <... rseq resumed>) = 0 [pid 5916] rt_sigprocmask(SIG_SETMASK, [], [pid 5918] set_robust_list(0x7f3dc0d559a0, 24 [pid 5916] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5918] <... set_robust_list resumed>) = 0 [pid 5916] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5918] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5916] <... futex resumed>) = 0 [pid 5918] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5916] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5917] <... futex resumed>) = ? [pid 5917] +++ killed by SIGBUS +++ [pid 5918] +++ killed by SIGBUS +++ [pid 5916] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5916, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./296", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./296/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./296/binderfs") = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./296/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./296/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./296/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./296/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./296") = 0 mkdir("./297", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5919 attached [pid 5919] set_robust_list(0x5555562186a0, 24) = 0 [pid 5919] chdir("./297") = 0 [pid 5919] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5919] setpgid(0, 0) = 0 [pid 5919] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5919] write(3, "1000", 4) = 4 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5919 [pid 5919] close(3) = 0 [pid 5919] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5919] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5919] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5919] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5920 attached => {parent_tid=[5920]}, 88) = 5920 [pid 5920] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5919] rt_sigprocmask(SIG_SETMASK, [], [pid 5920] set_robust_list(0x7f3dc90769a0, 24 [pid 5919] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5920] <... set_robust_list resumed>) = 0 [pid 5919] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] rt_sigprocmask(SIG_SETMASK, [], [pid 5919] <... futex resumed>) = 0 [pid 5920] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5919] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5920] memfd_create("syzkaller", 0) = 3 [pid 5920] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [ 105.916952][ T5917] loop0: detected capacity change from 0 to 2048 [ 105.929109][ T5917] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 5920] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5920] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5920] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5920] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5920] close(3) = 0 [pid 5920] mkdir("./file0", 0777) = 0 [pid 5920] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5920] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5920] chdir("./file0") = 0 [pid 5920] ioctl(4, LOOP_CLR_FD) = 0 [pid 5920] close(4) = 0 [pid 5920] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5920] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] <... futex resumed>) = 0 [pid 5920] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5919] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5920] <... open resumed>) = 4 [pid 5920] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5920] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5919] <... futex resumed>) = 0 [pid 5920] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5919] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5920] <... open resumed>) = 5 [pid 5920] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5919] <... futex resumed>) = 0 [pid 5919] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5920] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5919] <... futex resumed>) = 0 [pid 5919] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5919] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5920] <... mmap resumed>) = 0x20000000 [pid 5920] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5920] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5919] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5919] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5919] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5919] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5921]}, 88) = 5921 ./strace-static-x86_64: Process 5921 attached [pid 5919] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5919] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5921] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5919] <... futex resumed>) = 0 [pid 5921] <... rseq resumed>) = 0 [pid 5919] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5921] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5921] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5921] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5920] <... futex resumed>) = ? [pid 5920] +++ killed by SIGBUS +++ [pid 5919] <... futex resumed>) = ? [pid 5921] +++ killed by SIGBUS +++ [pid 5919] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5919, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./297", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./297/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./297/binderfs") = 0 [ 106.000013][ T5920] loop0: detected capacity change from 0 to 2048 [ 106.015661][ T5920] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./297/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./297/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./297/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./297/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./297") = 0 mkdir("./298", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5922 attached , child_tidptr=0x555556218690) = 5922 [pid 5922] set_robust_list(0x5555562186a0, 24) = 0 [pid 5922] chdir("./298") = 0 [pid 5922] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5922] setpgid(0, 0) = 0 [pid 5922] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5922] write(3, "1000", 4) = 4 [pid 5922] close(3) = 0 [pid 5922] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5922] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5922] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5922] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5923 attached [pid 5923] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5923] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5923] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5923] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5922] <... clone3 resumed> => {parent_tid=[5923]}, 88) = 5923 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5922] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5923] <... futex resumed>) = 0 [pid 5922] <... futex resumed>) = 1 [pid 5923] memfd_create("syzkaller", 0 [pid 5922] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5923] <... memfd_create resumed>) = 3 [pid 5923] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5923] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5923] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5923] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5923] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5923] close(3) = 0 [pid 5923] mkdir("./file0", 0777) = 0 [pid 5923] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5923] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5923] chdir("./file0") = 0 [pid 5923] ioctl(4, LOOP_CLR_FD) = 0 [pid 5923] close(4) = 0 [pid 5923] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... futex resumed>) = 1 [pid 5923] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5923] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5923] <... futex resumed>) = 1 [pid 5923] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5923] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... futex resumed>) = 0 [pid 5922] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5922] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5922] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5923] <... futex resumed>) = 1 [pid 5923] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5922] <... mprotect resumed>) = 0 [pid 5923] <... mmap resumed>) = 0x20000000 [pid 5922] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5923] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5922] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5923] <... futex resumed>) = 0 [pid 5922] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5923] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 5924 attached [pid 5922] <... clone3 resumed> => {parent_tid=[5924]}, 88) = 5924 [pid 5922] rt_sigprocmask(SIG_SETMASK, [], [pid 5924] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5922] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5922] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5924] <... rseq resumed>) = 0 [pid 5922] <... futex resumed>) = 0 [pid 5924] set_robust_list(0x7f3dc0d559a0, 24 [pid 5922] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5924] <... set_robust_list resumed>) = 0 [pid 5924] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5924] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5923] <... futex resumed>) = ? [pid 5922] <... futex resumed>) = ? [pid 5924] +++ killed by SIGBUS +++ [pid 5923] +++ killed by SIGBUS +++ [pid 5922] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5922, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./298", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./298/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 106.109391][ T5923] loop0: detected capacity change from 0 to 2048 [ 106.120717][ T5923] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./298/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./298/binderfs") = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./298/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./298/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./298/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./298/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./298") = 0 mkdir("./299", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5925 ./strace-static-x86_64: Process 5925 attached [pid 5925] set_robust_list(0x5555562186a0, 24) = 0 [pid 5925] chdir("./299") = 0 [pid 5925] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5925] setpgid(0, 0) = 0 [pid 5925] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5925] write(3, "1000", 4) = 4 [pid 5925] close(3) = 0 [pid 5925] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5925] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5925] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5925] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5926 attached => {parent_tid=[5926]}, 88) = 5926 [pid 5926] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], [pid 5926] <... rseq resumed>) = 0 [pid 5925] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5925] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] set_robust_list(0x7f3dc90769a0, 24 [pid 5925] <... futex resumed>) = 0 [pid 5925] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5926] <... set_robust_list resumed>) = 0 [pid 5926] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5926] memfd_create("syzkaller", 0) = 3 [pid 5926] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5926] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5926] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5926] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5926] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5926] close(3) = 0 [pid 5926] mkdir("./file0", 0777) = 0 [pid 5926] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5926] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5926] chdir("./file0") = 0 [pid 5926] ioctl(4, LOOP_CLR_FD) = 0 [pid 5926] close(4) = 0 [pid 5926] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5926] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5926] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5925] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... open resumed>) = 4 [pid 5926] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5926] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5926] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5925] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... open resumed>) = 5 [pid 5926] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5925] <... futex resumed>) = 0 [pid 5926] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5926] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5925] <... futex resumed>) = 0 [pid 5926] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5925] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5925] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5926] <... mmap resumed>) = 0x20000000 [pid 5926] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5925] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5926] <... futex resumed>) = 0 [pid 5925] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5926] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] <... mprotect resumed>) = 0 [pid 5925] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5925] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5927 attached [pid 5927] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5927] set_robust_list(0x7f3dc0d559a0, 24 [pid 5925] <... clone3 resumed> => {parent_tid=[5927]}, 88) = 5927 [pid 5925] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5927] <... set_robust_list resumed>) = 0 [pid 5927] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5927] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5925] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5927] <... futex resumed>) = 0 [pid 5927] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5925] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5926] <... futex resumed>) = ? [pid 5925] <... futex resumed>) = ? [pid 5926] +++ killed by SIGBUS +++ [pid 5927] +++ killed by SIGBUS +++ [pid 5925] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5925, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./299", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./299/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./299/binderfs") = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./299/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./299/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./299/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./299/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 106.239256][ T5926] loop0: detected capacity change from 0 to 2048 [ 106.250748][ T5926] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./299") = 0 mkdir("./300", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5928 ./strace-static-x86_64: Process 5928 attached [pid 5928] set_robust_list(0x5555562186a0, 24) = 0 [pid 5928] chdir("./300") = 0 [pid 5928] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5928] setpgid(0, 0) = 0 [pid 5928] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5928] write(3, "1000", 4) = 4 [pid 5928] close(3) = 0 [pid 5928] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5928] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5928] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5928] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5928] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5928] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5929]}, 88) = 5929 ./strace-static-x86_64: Process 5929 attached [pid 5929] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5928] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5928] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5929] <... rseq resumed>) = 0 [pid 5929] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5929] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5929] memfd_create("syzkaller", 0) = 3 [pid 5929] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5929] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5929] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5929] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5929] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5929] close(3) = 0 [pid 5929] mkdir("./file0", 0777) = 0 [pid 5929] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5929] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5929] chdir("./file0") = 0 [pid 5929] ioctl(4, LOOP_CLR_FD) = 0 [pid 5929] close(4) = 0 [pid 5929] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... futex resumed>) = 0 [pid 5928] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = 0 [pid 5928] <... futex resumed>) = 1 [pid 5929] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5928] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... open resumed>) = 4 [pid 5929] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5928] <... futex resumed>) = 0 [pid 5929] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5929] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5928] <... futex resumed>) = 0 [pid 5929] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5928] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5929] <... open resumed>) = 5 [pid 5929] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... futex resumed>) = 0 [pid 5928] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5929] <... futex resumed>) = 0 [pid 5929] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5929] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5929] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5928] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5928] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5928] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5928] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5930 attached => {parent_tid=[5930]}, 88) = 5930 [pid 5930] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5928] rt_sigprocmask(SIG_SETMASK, [], [pid 5930] set_robust_list(0x7f3dc0d559a0, 24 [pid 5928] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5930] <... set_robust_list resumed>) = 0 [pid 5928] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5930] rt_sigprocmask(SIG_SETMASK, [], [pid 5928] <... futex resumed>) = 0 [pid 5930] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5928] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5930] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5928] <... futex resumed>) = ? [pid 5929] <... futex resumed>) = ? [pid 5929] +++ killed by SIGBUS +++ [pid 5930] +++ killed by SIGBUS +++ [pid 5928] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5928, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./300", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./300/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./300/binderfs") = 0 [ 106.349683][ T5929] loop0: detected capacity change from 0 to 2048 [ 106.361713][ T5929] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./300/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./300/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./300/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./300/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./300") = 0 mkdir("./301", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5931 ./strace-static-x86_64: Process 5931 attached [pid 5931] set_robust_list(0x5555562186a0, 24) = 0 [pid 5931] chdir("./301") = 0 [pid 5931] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5931] setpgid(0, 0) = 0 [pid 5931] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5931] write(3, "1000", 4) = 4 [pid 5931] close(3) = 0 [pid 5931] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5931] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5931] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5931] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5932]}, 88) = 5932 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5931] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5932 attached [pid 5932] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5932] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5932] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5932] memfd_create("syzkaller", 0) = 3 [pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5932] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5932] close(3) = 0 [pid 5932] mkdir("./file0", 0777) = 0 [pid 5932] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5932] chdir("./file0") = 0 [pid 5932] ioctl(4, LOOP_CLR_FD) = 0 [pid 5932] close(4) = 0 [pid 5932] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5931] <... futex resumed>) = 0 [pid 5932] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5931] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] <... open resumed>) = 4 [pid 5932] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5931] <... futex resumed>) = 0 [pid 5932] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5931] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5932] <... open resumed>) = 5 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5932] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5931] <... futex resumed>) = 0 [pid 5931] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] <... futex resumed>) = 1 [pid 5932] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5931] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5932] <... mmap resumed>) = 0x20000000 [pid 5931] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5931] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5932] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5932] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5931] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5931] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5933]}, 88) = 5933 [pid 5931] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5931] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5931] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5933 attached [pid 5933] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5933] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5933] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5933] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5932] <... futex resumed>) = ? [pid 5931] <... futex resumed>) = ? [pid 5932] +++ killed by SIGBUS +++ [pid 5933] +++ killed by SIGBUS +++ [pid 5931] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5931, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./301", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./301/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./301/binderfs") = 0 [ 106.446293][ T5932] loop0: detected capacity change from 0 to 2048 [ 106.458005][ T5932] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./301/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./301/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./301/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./301/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./301") = 0 mkdir("./302", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5934 attached [pid 5934] set_robust_list(0x5555562186a0, 24) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5934 [pid 5934] chdir("./302") = 0 [pid 5934] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5934] setpgid(0, 0) = 0 [pid 5934] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5934] write(3, "1000", 4) = 4 [pid 5934] close(3) = 0 [pid 5934] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5934] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5934] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5934] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5935 attached => {parent_tid=[5935]}, 88) = 5935 [pid 5935] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], [pid 5935] set_robust_list(0x7f3dc90769a0, 24 [pid 5934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5935] <... set_robust_list resumed>) = 0 [pid 5934] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] rt_sigprocmask(SIG_SETMASK, [], [pid 5934] <... futex resumed>) = 0 [pid 5935] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5934] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5935] memfd_create("syzkaller", 0) = 3 [pid 5935] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5935] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5935] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5935] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5935] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5935] close(3) = 0 [pid 5935] mkdir("./file0", 0777) = 0 [pid 5935] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5935] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5935] chdir("./file0") = 0 [pid 5935] ioctl(4, LOOP_CLR_FD) = 0 [pid 5935] close(4) = 0 [pid 5935] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5935] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] <... futex resumed>) = 0 [pid 5934] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = 0 [pid 5934] <... futex resumed>) = 1 [pid 5935] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5934] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] <... open resumed>) = 4 [pid 5935] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5934] <... futex resumed>) = 0 [pid 5934] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] <... futex resumed>) = 1 [pid 5934] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5935] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5935] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5934] <... futex resumed>) = 0 [pid 5935] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5935] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5935] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5934] <... futex resumed>) = 0 [pid 5935] <... mmap resumed>) = 0x20000000 [pid 5934] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5934] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5935] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5935] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5934] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5934] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5934] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5936 attached [pid 5936] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5934] <... clone3 resumed> => {parent_tid=[5936]}, 88) = 5936 [pid 5936] <... rseq resumed>) = 0 [pid 5934] rt_sigprocmask(SIG_SETMASK, [], [pid 5936] set_robust_list(0x7f3dc0d559a0, 24 [pid 5934] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] <... set_robust_list resumed>) = 0 [pid 5934] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5936] rt_sigprocmask(SIG_SETMASK, [], [pid 5934] <... futex resumed>) = 0 [pid 5936] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5936] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5934] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5935] <... futex resumed>) = ? [pid 5935] +++ killed by SIGBUS +++ [pid 5936] +++ killed by SIGBUS +++ [pid 5934] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5934, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./302", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./302/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./302/binderfs") = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./302/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./302/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./302/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./302/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./302") = 0 mkdir("./303", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 106.554724][ T5935] loop0: detected capacity change from 0 to 2048 [ 106.566710][ T5935] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5937 attached , child_tidptr=0x555556218690) = 5937 [pid 5937] set_robust_list(0x5555562186a0, 24) = 0 [pid 5937] chdir("./303") = 0 [pid 5937] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5937] setpgid(0, 0) = 0 [pid 5937] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5937] write(3, "1000", 4) = 4 [pid 5937] close(3) = 0 [pid 5937] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5937] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5937] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5937] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5937] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5937] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5938 attached => {parent_tid=[5938]}, 88) = 5938 [pid 5938] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], [pid 5938] <... rseq resumed>) = 0 [pid 5937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5937] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] rt_sigprocmask(SIG_SETMASK, [], [pid 5937] <... futex resumed>) = 0 [pid 5938] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5938] memfd_create("syzkaller", 0 [pid 5937] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5938] <... memfd_create resumed>) = 3 [pid 5938] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5938] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5938] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5938] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5938] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5938] close(3) = 0 [pid 5938] mkdir("./file0", 0777) = 0 [pid 5938] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5938] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5938] chdir("./file0") = 0 [pid 5938] ioctl(4, LOOP_CLR_FD) = 0 [pid 5938] close(4) = 0 [pid 5938] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5937] <... futex resumed>) = 0 [pid 5938] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 5937] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5937] <... futex resumed>) = 0 [pid 5937] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5938] <... open resumed>) = 4 [pid 5938] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = 0 [pid 5938] <... futex resumed>) = 1 [pid 5937] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5938] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5937] <... futex resumed>) = 0 [pid 5937] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5938] <... open resumed>) = 5 [pid 5938] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5937] <... futex resumed>) = 0 [pid 5937] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5937] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5937] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5938] <... futex resumed>) = 1 [pid 5937] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5938] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5938] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5938] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5937] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5937] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5939 attached [pid 5939] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5939] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5939] rt_sigprocmask(SIG_SETMASK, [], [pid 5937] <... clone3 resumed> => {parent_tid=[5939]}, 88) = 5939 [pid 5937] rt_sigprocmask(SIG_SETMASK, [], [pid 5939] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5937] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5939] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5937] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5939] <... futex resumed>) = 0 [pid 5937] <... futex resumed>) = 1 [pid 5937] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5939] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5938] <... futex resumed>) = ? [pid 5937] <... futex resumed>) = ? [pid 5939] +++ killed by SIGBUS +++ [pid 5938] +++ killed by SIGBUS +++ [pid 5937] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5937, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./303", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 106.649734][ T5938] loop0: detected capacity change from 0 to 2048 [ 106.663151][ T5938] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./303", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./303/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./303/binderfs") = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./303/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./303/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./303/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./303/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./303") = 0 mkdir("./304", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5940 attached , child_tidptr=0x555556218690) = 5940 [pid 5940] set_robust_list(0x5555562186a0, 24) = 0 [pid 5940] chdir("./304") = 0 [pid 5940] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5940] setpgid(0, 0) = 0 [pid 5940] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5940] write(3, "1000", 4) = 4 [pid 5940] close(3) = 0 [pid 5940] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5940] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5940] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5940] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5940] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5941]}, 88) = 5941 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5940] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5941 attached [pid 5941] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5941] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5941] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5941] memfd_create("syzkaller", 0) = 3 [pid 5941] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5941] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5941] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5941] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5941] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5941] close(3) = 0 [pid 5941] mkdir("./file0", 0777) = 0 [pid 5941] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5941] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5941] chdir("./file0") = 0 [pid 5941] ioctl(4, LOOP_CLR_FD) = 0 [pid 5941] close(4) = 0 [pid 5941] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5941] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5941] <... futex resumed>) = 0 [pid 5940] <... futex resumed>) = 1 [pid 5941] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5940] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] <... open resumed>) = 4 [pid 5941] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5941] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5941] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = 0 [pid 5940] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5940] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5940] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5940] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5942 attached [pid 5942] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5940] <... clone3 resumed> => {parent_tid=[5942]}, 88) = 5942 [pid 5942] <... rseq resumed>) = 0 [pid 5942] set_robust_list(0x7f3dc0d559a0, 24 [pid 5940] rt_sigprocmask(SIG_SETMASK, [], [pid 5942] <... set_robust_list resumed>) = 0 [pid 5940] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5942] rt_sigprocmask(SIG_SETMASK, [], [pid 5940] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5940] <... futex resumed>) = 0 [pid 5942] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 5940] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] <... open resumed>) = 6 [pid 5941] <... futex resumed>) = 1 [pid 5942] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5940] <... futex resumed>) = 0 [pid 5941] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5940] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] write(6, 0x20000000, 34136651 [pid 5941] <... mmap resumed>) = 0x20000000 [pid 5940] <... futex resumed>) = 0 [pid 5942] <... write resumed>) = -1 EFAULT (Bad address) [pid 5940] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5940] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5941] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5942] ftruncate(4, 2 [pid 5940] <... futex resumed>) = 0 [pid 5941] <... futex resumed>) = 0 [pid 5941] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5942] <... ftruncate resumed>) = 0 [pid 5940] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5942] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5940] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5942] <... futex resumed>) = 0 [pid 5940] exit_group(0 [pid 5942] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5941] <... futex resumed>) = ? [pid 5940] <... exit_group resumed>) = ? [pid 5941] +++ exited with 0 +++ [pid 5942] +++ exited with 0 +++ [pid 5940] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=5940, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./304", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./304/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./304/binderfs") = 0 [ 106.759021][ T5941] loop0: detected capacity change from 0 to 2048 [ 106.770852][ T5941] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./304/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./304/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./304/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./304/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./304") = 0 mkdir("./305", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5943 ./strace-static-x86_64: Process 5943 attached [pid 5943] set_robust_list(0x5555562186a0, 24) = 0 [pid 5943] chdir("./305") = 0 [pid 5943] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5943] setpgid(0, 0) = 0 [pid 5943] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5943] write(3, "1000", 4) = 4 [pid 5943] close(3) = 0 [pid 5943] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5943] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5943] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5943] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5943] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5943] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5944 attached => {parent_tid=[5944]}, 88) = 5944 [pid 5944] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5944] <... rseq resumed>) = 0 [pid 5944] set_robust_list(0x7f3dc90769a0, 24 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5943] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] <... set_robust_list resumed>) = 0 [pid 5943] <... futex resumed>) = 0 [pid 5944] rt_sigprocmask(SIG_SETMASK, [], [pid 5943] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5944] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5944] memfd_create("syzkaller", 0) = 3 [pid 5944] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5944] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5944] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5944] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5944] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5944] close(3) = 0 [pid 5944] mkdir("./file0", 0777) = 0 [pid 5944] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5944] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5944] chdir("./file0") = 0 [pid 5944] ioctl(4, LOOP_CLR_FD) = 0 [pid 5944] close(4) = 0 [pid 5944] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5944] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5943] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] <... futex resumed>) = 0 [pid 5944] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5944] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5944] <... futex resumed>) = 1 [pid 5943] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5944] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5943] <... futex resumed>) = 0 [pid 5944] <... open resumed>) = 5 [pid 5943] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5944] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5943] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] <... futex resumed>) = 1 [pid 5943] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5944] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5945] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5944] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5944] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5945] <... rseq resumed>) = 0 [pid 5943] <... clone3 resumed> => {parent_tid=[5945]}, 88) = 5945 [pid 5945] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5943] rt_sigprocmask(SIG_SETMASK, [], [pid 5945] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5943] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5945] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5943] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5945] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5943] <... futex resumed>) = 0 [pid 5943] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5945] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5944] <... futex resumed>) = ? [pid 5943] <... futex resumed>) = ? [pid 5945] +++ killed by SIGBUS +++ [pid 5944] +++ killed by SIGBUS +++ [pid 5943] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5943, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./305", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./305/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./305/binderfs") = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./305/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./305/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./305/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./305/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./305") = 0 mkdir("./306", 0777) = 0 [ 106.866971][ T5944] loop0: detected capacity change from 0 to 2048 [ 106.878006][ T5944] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5946 ./strace-static-x86_64: Process 5946 attached [pid 5946] set_robust_list(0x5555562186a0, 24) = 0 [pid 5946] chdir("./306") = 0 [pid 5946] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5946] setpgid(0, 0) = 0 [pid 5946] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5946] write(3, "1000", 4) = 4 [pid 5946] close(3) = 0 [pid 5946] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5946] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5946] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5946] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5946] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5946] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5946] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5947]}, 88) = 5947 [pid 5946] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5946] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5947 attached [pid 5947] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5947] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5947] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5947] memfd_create("syzkaller", 0) = 3 [pid 5947] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5947] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5947] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5947] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5947] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5947] close(3) = 0 [pid 5947] mkdir("./file0", 0777) = 0 [pid 5947] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5947] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5947] chdir("./file0") = 0 [pid 5947] ioctl(4, LOOP_CLR_FD) = 0 [pid 5947] close(4) = 0 [pid 5947] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5947] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5946] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5946] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] <... open resumed>) = 4 [pid 5947] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5946] <... futex resumed>) = 0 [pid 5947] <... open resumed>) = 5 [pid 5946] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5946] <... futex resumed>) = 0 [pid 5946] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5947] <... futex resumed>) = 0 [pid 5946] <... futex resumed>) = 1 [pid 5947] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5946] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5947] <... futex resumed>) = 0 [pid 5946] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5947] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5947] +++ killed by SIGBUS +++ [pid 5946] <... futex resumed>) = ? [pid 5946] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5946, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./306", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./306/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./306/binderfs") = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./306/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./306/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./306/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./306/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 106.977331][ T5947] loop0: detected capacity change from 0 to 2048 [ 106.989953][ T5947] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./306") = 0 mkdir("./307", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5948 attached , child_tidptr=0x555556218690) = 5948 [pid 5948] set_robust_list(0x5555562186a0, 24) = 0 [pid 5948] chdir("./307") = 0 [pid 5948] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5948] setpgid(0, 0) = 0 [pid 5948] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5948] write(3, "1000", 4) = 4 [pid 5948] close(3) = 0 [pid 5948] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5948] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5948] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5948] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5948] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5949]}, 88) = 5949 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5949 attached [pid 5949] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5949] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] rt_sigprocmask(SIG_SETMASK, [], [pid 5948] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5948] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5949] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5949] memfd_create("syzkaller", 0) = 3 [pid 5949] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5949] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5949] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5949] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5949] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5949] close(3) = 0 [pid 5949] mkdir("./file0", 0777) = 0 [pid 5949] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5949] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5949] chdir("./file0") = 0 [pid 5949] ioctl(4, LOOP_CLR_FD) = 0 [pid 5949] close(4) = 0 [pid 5949] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5948] <... futex resumed>) = 0 [pid 5949] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 1 [pid 5949] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5948] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... open resumed>) = 4 [pid 5949] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] <... futex resumed>) = 0 [pid 5948] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5948] <... futex resumed>) = 0 [pid 5949] <... open resumed>) = 5 [pid 5949] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5948] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5949] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5948] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5949] <... futex resumed>) = 0 [pid 5948] <... futex resumed>) = 1 [pid 5949] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5948] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5948] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5948] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5950 attached [pid 5950] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5948] <... clone3 resumed> => {parent_tid=[5950]}, 88) = 5950 [pid 5950] <... rseq resumed>) = 0 [pid 5948] rt_sigprocmask(SIG_SETMASK, [], [pid 5950] set_robust_list(0x7f3dc0d559a0, 24 [pid 5948] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5950] <... set_robust_list resumed>) = 0 [pid 5948] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5950] rt_sigprocmask(SIG_SETMASK, [], [pid 5948] <... futex resumed>) = 0 [pid 5950] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5948] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5950] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5949] <... futex resumed>) = ? [pid 5948] <... futex resumed>) = ? [pid 5950] +++ killed by SIGBUS +++ [pid 5949] +++ killed by SIGBUS +++ [pid 5948] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5948, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./307", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./307/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./307/binderfs") = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./307/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./307/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./307/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./307/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./307") = 0 mkdir("./308", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 107.097091][ T5949] loop0: detected capacity change from 0 to 2048 [ 107.109664][ T5949] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5951 ./strace-static-x86_64: Process 5951 attached [pid 5951] set_robust_list(0x5555562186a0, 24) = 0 [pid 5951] chdir("./308") = 0 [pid 5951] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5951] setpgid(0, 0) = 0 [pid 5951] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5951] write(3, "1000", 4) = 4 [pid 5951] close(3) = 0 [pid 5951] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5951] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5951] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5951] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5951] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5951] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5952 attached => {parent_tid=[5952]}, 88) = 5952 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], [pid 5952] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5952] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5952] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5952] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5951] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5952] <... futex resumed>) = 0 [pid 5951] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5952] memfd_create("syzkaller", 0) = 3 [pid 5952] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5952] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5952] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5952] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5952] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5952] close(3) = 0 [pid 5952] mkdir("./file0", 0777) = 0 [ 107.195049][ T5952] __do_sys_memfd_create: 36 callbacks suppressed [ 107.195066][ T5952] syz-executor183[5952]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 107.227194][ T5952] loop0: detected capacity change from 0 to 2048 [pid 5952] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5952] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5952] chdir("./file0") = 0 [pid 5952] ioctl(4, LOOP_CLR_FD) = 0 [pid 5952] close(4) = 0 [pid 5952] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5952] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5951] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5951] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5952] <... open resumed>) = 4 [pid 5952] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5951] <... futex resumed>) = 0 [pid 5952] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5951] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] <... open resumed>) = 5 [pid 5951] <... futex resumed>) = 0 [pid 5952] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5951] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5952] <... futex resumed>) = 0 [pid 5951] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5952] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5951] <... futex resumed>) = 0 [pid 5951] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5952] <... mmap resumed>) = 0x20000000 [pid 5952] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5951] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5951] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5952] <... futex resumed>) = 0 [pid 5951] <... mprotect resumed>) = 0 [pid 5951] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5952] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5951] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5951] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5953 attached => {parent_tid=[5953]}, 88) = 5953 [pid 5953] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5951] rt_sigprocmask(SIG_SETMASK, [], [pid 5953] <... rseq resumed>) = 0 [pid 5951] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5953] set_robust_list(0x7f3dc0d559a0, 24 [pid 5951] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5953] <... set_robust_list resumed>) = 0 [pid 5951] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5953] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5953] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5952] <... futex resumed>) = ? [pid 5951] <... futex resumed>) = ? [pid 5952] +++ killed by SIGBUS +++ [pid 5953] +++ killed by SIGBUS +++ [pid 5951] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5951, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./308", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./308/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./308/binderfs") = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./308/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./308/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./308/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./308/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./308") = 0 mkdir("./309", 0777) = 0 [ 107.237817][ T5952] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5954 ./strace-static-x86_64: Process 5954 attached [pid 5954] set_robust_list(0x5555562186a0, 24) = 0 [pid 5954] chdir("./309") = 0 [pid 5954] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5954] setpgid(0, 0) = 0 [pid 5954] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5954] write(3, "1000", 4) = 4 [pid 5954] close(3) = 0 [pid 5954] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5954] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5954] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5954] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5955 attached => {parent_tid=[5955]}, 88) = 5955 [pid 5954] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5954] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5955] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5955] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5955] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5955] memfd_create("syzkaller", 0) = 3 [pid 5955] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5955] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5955] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5955] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5955] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5955] close(3) = 0 [pid 5955] mkdir("./file0", 0777) = 0 [pid 5955] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5955] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5955] chdir("./file0") = 0 [pid 5955] ioctl(4, LOOP_CLR_FD) = 0 [pid 5955] close(4) = 0 [pid 5955] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5955] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5955] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5954] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... open resumed>) = 4 [pid 5955] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5955] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5955] <... futex resumed>) = 0 [pid 5954] <... futex resumed>) = 1 [pid 5955] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5954] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... open resumed>) = 5 [pid 5955] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5954] <... futex resumed>) = 0 [pid 5954] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5954] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5955] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5954] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5955] <... mmap resumed>) = 0x20000000 [pid 5954] <... mprotect resumed>) = 0 [pid 5954] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5954] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5955] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 5956 attached [pid 5956] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5956] set_robust_list(0x7f3dc0d559a0, 24 [pid 5954] <... clone3 resumed> => {parent_tid=[5956]}, 88) = 5956 [pid 5956] <... set_robust_list resumed>) = 0 [pid 5955] <... futex resumed>) = 0 [pid 5956] rt_sigprocmask(SIG_SETMASK, [], [pid 5955] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5954] rt_sigprocmask(SIG_SETMASK, [], [pid 5956] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5954] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5954] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5956] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5954] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5955] <... futex resumed>) = ? [pid 5954] <... futex resumed>) = ? [pid 5955] +++ killed by SIGBUS +++ [pid 5956] +++ killed by SIGBUS +++ [pid 5954] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5954, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./309", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./309/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./309/binderfs") = 0 [ 107.325565][ T5955] syz-executor183[5955]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 107.351531][ T5955] loop0: detected capacity change from 0 to 2048 [ 107.363014][ T5955] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./309/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./309/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./309/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./309/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./309") = 0 mkdir("./310", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5957 attached , child_tidptr=0x555556218690) = 5957 [pid 5957] set_robust_list(0x5555562186a0, 24) = 0 [pid 5957] chdir("./310") = 0 [pid 5957] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5957] setpgid(0, 0) = 0 [pid 5957] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5957] write(3, "1000", 4) = 4 [pid 5957] close(3) = 0 [pid 5957] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5957] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5957] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5957] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5957] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5957] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5957] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5958]}, 88) = 5958 [pid 5957] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5957] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5957] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5958 attached [pid 5958] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5958] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5958] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5958] memfd_create("syzkaller", 0) = 3 [pid 5958] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5958] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5958] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5958] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5958] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5958] close(3) = 0 [pid 5958] mkdir("./file0", 0777) = 0 [pid 5958] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5958] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5958] chdir("./file0") = 0 [pid 5958] ioctl(4, LOOP_CLR_FD) = 0 [pid 5958] close(4) = 0 [pid 5958] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5958] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... futex resumed>) = 0 [pid 5957] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5958] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5958] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... futex resumed>) = 1 [pid 5957] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5958] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5958] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] <... futex resumed>) = 1 [pid 5957] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5957] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5958] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 5958] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5958] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5957] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5958] <... futex resumed>) = 0 [pid 5957] <... futex resumed>) = 1 [pid 5958] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5957] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5958] +++ killed by SIGBUS +++ [pid 5957] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5957, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./310", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./310/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./310/binderfs") = 0 [ 107.458067][ T5958] syz-executor183[5958]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 107.483103][ T5958] loop0: detected capacity change from 0 to 2048 [ 107.494395][ T5958] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./310/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./310/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./310/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./310/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./310") = 0 mkdir("./311", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5959 ./strace-static-x86_64: Process 5959 attached [pid 5959] set_robust_list(0x5555562186a0, 24) = 0 [pid 5959] chdir("./311") = 0 [pid 5959] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5959] setpgid(0, 0) = 0 [pid 5959] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5959] write(3, "1000", 4) = 4 [pid 5959] close(3) = 0 [pid 5959] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5959] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5959] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5959] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5959] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5959] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5959] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5960]}, 88) = 5960 [pid 5959] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5959] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5960 attached [pid 5960] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5960] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5960] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5960] memfd_create("syzkaller", 0) = 3 [pid 5960] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5960] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5960] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5960] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5960] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5960] close(3) = 0 [pid 5960] mkdir("./file0", 0777) = 0 [pid 5960] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5960] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5960] chdir("./file0") = 0 [pid 5960] ioctl(4, LOOP_CLR_FD) = 0 [pid 5960] close(4) = 0 [pid 5960] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5960] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5959] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... open resumed>) = 4 [pid 5960] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5959] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5960] <... futex resumed>) = 1 [pid 5960] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5960] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5959] <... futex resumed>) = 0 [pid 5959] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5960] <... futex resumed>) = 0 [pid 5959] <... futex resumed>) = 1 [pid 5960] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5959] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5960] <... futex resumed>) = 0 [pid 5960] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5960] +++ killed by SIGBUS +++ [pid 5959] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5959, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./311", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./311/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./311/binderfs") = 0 [ 107.575728][ T5960] syz-executor183[5960]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 107.598679][ T5960] loop0: detected capacity change from 0 to 2048 [ 107.610045][ T5960] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./311/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./311/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./311/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./311/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./311") = 0 mkdir("./312", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5961 ./strace-static-x86_64: Process 5961 attached [pid 5961] set_robust_list(0x5555562186a0, 24) = 0 [pid 5961] chdir("./312") = 0 [pid 5961] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5961] setpgid(0, 0) = 0 [pid 5961] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5961] write(3, "1000", 4) = 4 [pid 5961] close(3) = 0 [pid 5961] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5961] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5961] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5961] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5962 attached [pid 5962] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5961] <... clone3 resumed> => {parent_tid=[5962]}, 88) = 5962 [pid 5962] <... rseq resumed>) = 0 [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5962] set_robust_list(0x7f3dc90769a0, 24 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5962] <... set_robust_list resumed>) = 0 [pid 5961] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5962] memfd_create("syzkaller", 0 [pid 5961] <... futex resumed>) = 0 [pid 5961] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5962] <... memfd_create resumed>) = 3 [pid 5962] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5962] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5962] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5962] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5962] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5962] close(3) = 0 [pid 5962] mkdir("./file0", 0777) = 0 [pid 5962] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5962] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5962] chdir("./file0") = 0 [pid 5962] ioctl(4, LOOP_CLR_FD) = 0 [pid 5962] close(4) = 0 [pid 5962] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5961] <... futex resumed>) = 0 [pid 5962] <... futex resumed>) = 1 [pid 5961] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5961] <... futex resumed>) = 0 [pid 5961] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5962] <... open resumed>) = 4 [pid 5962] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5962] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5962] <... futex resumed>) = 0 [pid 5962] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5962] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5961] <... futex resumed>) = 0 [pid 5962] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5962] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5962] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5961] <... futex resumed>) = 0 [pid 5961] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5961] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5962] <... mmap resumed>) = 0x20000000 [pid 5961] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5962] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5962] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5961] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5961] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5961] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5963]}, 88) = 5963 ./strace-static-x86_64: Process 5963 attached [pid 5961] rt_sigprocmask(SIG_SETMASK, [], [pid 5963] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 5961] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5963] <... rseq resumed>) = 0 [pid 5961] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5963] set_robust_list(0x7f3dc0d559a0, 24 [pid 5961] <... futex resumed>) = 0 [pid 5963] <... set_robust_list resumed>) = 0 [pid 5961] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5963] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5963] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5962] <... futex resumed>) = ? [pid 5961] <... futex resumed>) = ? [pid 5963] +++ killed by SIGBUS +++ [pid 5962] +++ killed by SIGBUS +++ [pid 5961] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5961, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./312", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./312", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./312/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./312/binderfs") = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./312/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./312/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 107.704428][ T5962] syz-executor183[5962]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 107.728383][ T5962] loop0: detected capacity change from 0 to 2048 [ 107.740983][ T5962] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./312/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./312/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./312") = 0 mkdir("./313", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5964 attached , child_tidptr=0x555556218690) = 5964 [pid 5964] set_robust_list(0x5555562186a0, 24) = 0 [pid 5964] chdir("./313") = 0 [pid 5964] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5964] setpgid(0, 0) = 0 [pid 5964] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5964] write(3, "1000", 4) = 4 [pid 5964] close(3) = 0 [pid 5964] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5964] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5964] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5964] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5965 attached => {parent_tid=[5965]}, 88) = 5965 [pid 5965] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5965] set_robust_list(0x7f3dc90769a0, 24 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5965] <... set_robust_list resumed>) = 0 [pid 5964] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] <... futex resumed>) = 0 [pid 5965] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5965] memfd_create("syzkaller", 0) = 3 [pid 5965] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5965] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5965] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5965] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5965] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5965] close(3) = 0 [pid 5965] mkdir("./file0", 0777) = 0 [ 107.797449][ T5965] syz-executor183[5965]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 107.831513][ T5965] loop0: detected capacity change from 0 to 2048 [pid 5965] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5965] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5965] chdir("./file0") = 0 [pid 5965] ioctl(4, LOOP_CLR_FD) = 0 [pid 5965] close(4) = 0 [pid 5965] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] <... futex resumed>) = 1 [pid 5965] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5965] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5965] <... futex resumed>) = 1 [pid 5964] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5965] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5964] <... futex resumed>) = 0 [pid 5965] <... open resumed>) = 5 [pid 5964] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5965] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] <... futex resumed>) = 0 [pid 5964] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5964] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5965] <... futex resumed>) = 1 [pid 5965] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5964] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5965] <... mmap resumed>) = 0x20000000 [pid 5965] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5964] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5965] <... futex resumed>) = 0 [pid 5965] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5964] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5964] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5966 attached => {parent_tid=[5966]}, 88) = 5966 [pid 5966] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5964] rt_sigprocmask(SIG_SETMASK, [], [pid 5966] set_robust_list(0x7f3dc0d559a0, 24 [pid 5964] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5966] <... set_robust_list resumed>) = 0 [pid 5964] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5966] rt_sigprocmask(SIG_SETMASK, [], [pid 5964] <... futex resumed>) = 0 [pid 5966] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5964] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5966] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5965] <... futex resumed>) = ? [pid 5965] +++ killed by SIGBUS +++ [pid 5964] <... futex resumed>) = ? [pid 5966] +++ killed by SIGBUS +++ [pid 5964] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5964, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=7 /* 0.07 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./313", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./313/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./313/binderfs") = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./313/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./313/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./313/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./313/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./313") = 0 mkdir("./314", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 107.845045][ T5965] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5967 attached , child_tidptr=0x555556218690) = 5967 [pid 5967] set_robust_list(0x5555562186a0, 24) = 0 [pid 5967] chdir("./314") = 0 [pid 5967] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5967] setpgid(0, 0) = 0 [pid 5967] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5967] write(3, "1000", 4) = 4 [pid 5967] close(3) = 0 [pid 5967] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5967] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5967] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5967] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5968 attached [pid 5968] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5968] set_robust_list(0x7f3dc90769a0, 24 [pid 5967] <... clone3 resumed> => {parent_tid=[5968]}, 88) = 5968 [pid 5968] <... set_robust_list resumed>) = 0 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], [pid 5968] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5967] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5968] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] memfd_create("syzkaller", 0 [pid 5967] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5968] <... memfd_create resumed>) = 3 [pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5968] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5968] close(3) = 0 [pid 5968] mkdir("./file0", 0777) = 0 [pid 5968] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5968] chdir("./file0") = 0 [pid 5968] ioctl(4, LOOP_CLR_FD) = 0 [pid 5968] close(4) = 0 [pid 5968] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] <... futex resumed>) = 0 [pid 5968] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5967] <... futex resumed>) = 0 [pid 5968] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5967] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] <... open resumed>) = 4 [pid 5968] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = 0 [pid 5968] <... futex resumed>) = 1 [pid 5967] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5968] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5967] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5968] <... futex resumed>) = 0 [pid 5967] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5968] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5967] <... futex resumed>) = 0 [pid 5967] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5967] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5968] <... mmap resumed>) = 0x20000000 [pid 5967] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5968] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5968] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] <... mprotect resumed>) = 0 [pid 5967] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5967] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5969]}, 88) = 5969 [pid 5967] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 5969 attached [pid 5969] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5969] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5969] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5969] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5967] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5967] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5969] <... futex resumed>) = 0 [pid 5969] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5968] <... futex resumed>) = ? [pid 5967] <... futex resumed>) = ? [pid 5969] +++ killed by SIGBUS +++ [pid 5968] +++ killed by SIGBUS +++ [pid 5967] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5967, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./314", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./314/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./314/binderfs") = 0 [ 107.912376][ T5968] syz-executor183[5968]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 107.937861][ T5968] loop0: detected capacity change from 0 to 2048 [ 107.948596][ T5968] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./314/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./314/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./314/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./314/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./314") = 0 mkdir("./315", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5970 attached , child_tidptr=0x555556218690) = 5970 [pid 5970] set_robust_list(0x5555562186a0, 24) = 0 [pid 5970] chdir("./315") = 0 [pid 5970] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5970] setpgid(0, 0) = 0 [pid 5970] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5970] write(3, "1000", 4) = 4 [pid 5970] close(3) = 0 [pid 5970] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5970] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5970] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5970] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5971 attached => {parent_tid=[5971]}, 88) = 5971 [pid 5971] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], [pid 5971] <... rseq resumed>) = 0 [pid 5971] set_robust_list(0x7f3dc90769a0, 24 [pid 5970] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5971] <... set_robust_list resumed>) = 0 [pid 5970] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] rt_sigprocmask(SIG_SETMASK, [], [pid 5970] <... futex resumed>) = 0 [pid 5971] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5970] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5971] memfd_create("syzkaller", 0) = 3 [pid 5971] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5971] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5971] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5971] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5971] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5971] close(3) = 0 [pid 5971] mkdir("./file0", 0777) = 0 [pid 5971] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5971] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5971] chdir("./file0") = 0 [pid 5971] ioctl(4, LOOP_CLR_FD) = 0 [pid 5971] close(4) = 0 [pid 5971] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = 0 [pid 5970] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5970] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5971] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5970] <... futex resumed>) = 0 [pid 5970] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] <... futex resumed>) = 1 [pid 5970] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5971] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5971] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5970] <... futex resumed>) = 0 [pid 5971] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5970] <... futex resumed>) = 0 [pid 5971] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5970] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5971] <... mmap resumed>) = 0x20000000 [pid 5970] <... futex resumed>) = 0 [pid 5970] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5970] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5971] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5971] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5970] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5970] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5973]}, 88) = 5973 [pid 5970] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5970] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5970] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5973 attached [pid 5973] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5973] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5973] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5973] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5971] <... futex resumed>) = ? [pid 5970] <... futex resumed>) = ? [pid 5971] +++ killed by SIGBUS +++ [pid 5973] +++ killed by SIGBUS +++ [pid 5970] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5970, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./315", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./315/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./315/binderfs") = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./315/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./315/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./315/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 108.041553][ T5971] syz-executor183[5971]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 108.071557][ T5971] loop0: detected capacity change from 0 to 2048 [ 108.082681][ T5971] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./315/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./315") = 0 mkdir("./316", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5974 ./strace-static-x86_64: Process 5974 attached [pid 5974] set_robust_list(0x5555562186a0, 24) = 0 [pid 5974] chdir("./316") = 0 [pid 5974] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5974] setpgid(0, 0) = 0 [pid 5974] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5974] write(3, "1000", 4) = 4 [pid 5974] close(3) = 0 [pid 5974] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5974] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5974] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5974] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5975]}, 88) = 5975 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5974] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5975 attached [pid 5975] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5975] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5975] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5975] memfd_create("syzkaller", 0) = 3 [pid 5975] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5975] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5975] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5975] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5975] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5975] close(3) = 0 [pid 5975] mkdir("./file0", 0777) = 0 [pid 5975] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5975] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5975] chdir("./file0") = 0 [pid 5975] ioctl(4, LOOP_CLR_FD) = 0 [pid 5975] close(4) = 0 [pid 5975] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5975] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5974] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... futex resumed>) = 0 [pid 5975] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5975] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5975] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5975] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5975] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5974] <... futex resumed>) = 0 [pid 5974] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5975] <... open resumed>) = 5 [pid 5975] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5975] <... futex resumed>) = 0 [pid 5974] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5975] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5974] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5974] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5974] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5974] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5974] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 5975] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 5976 attached [pid 5976] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5974] <... clone3 resumed> => {parent_tid=[5976]}, 88) = 5976 [pid 5976] set_robust_list(0x7f3dc0d559a0, 24 [pid 5974] rt_sigprocmask(SIG_SETMASK, [], [pid 5976] <... set_robust_list resumed>) = 0 [pid 5974] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5976] rt_sigprocmask(SIG_SETMASK, [], [pid 5975] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5974] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5976] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5975] <... futex resumed>) = 0 [pid 5974] <... futex resumed>) = 0 [pid 5975] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5976] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5974] ???( [pid 5975] <... futex resumed>) = ? [pid 5974] <... ??? resumed>) = ? [pid 5975] +++ killed by SIGBUS +++ [pid 5976] +++ killed by SIGBUS +++ [pid 5974] +++ killed by SIGBUS +++ [ 108.148438][ T5975] syz-executor183[5975]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 108.171812][ T5975] loop0: detected capacity change from 0 to 2048 [ 108.182255][ T5975] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5974, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./316", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./316/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./316/binderfs") = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./316/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./316/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./316/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./316/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./316") = 0 mkdir("./317", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5977 attached , child_tidptr=0x555556218690) = 5977 [pid 5977] set_robust_list(0x5555562186a0, 24) = 0 [pid 5977] chdir("./317") = 0 [pid 5977] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5977] setpgid(0, 0) = 0 [pid 5977] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5977] write(3, "1000", 4) = 4 [pid 5977] close(3) = 0 [pid 5977] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5977] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5977] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5977] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5978]}, 88) = 5978 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5977] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5978 attached [pid 5978] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5978] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5978] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5978] memfd_create("syzkaller", 0) = 3 [pid 5978] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5978] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5978] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5978] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5978] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5978] close(3) = 0 [pid 5978] mkdir("./file0", 0777) = 0 [pid 5978] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5978] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5978] chdir("./file0") = 0 [pid 5978] ioctl(4, LOOP_CLR_FD) = 0 [pid 5978] close(4) = 0 [pid 5978] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5978] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] <... futex resumed>) = 0 [pid 5978] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5977] <... futex resumed>) = 1 [pid 5977] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... open resumed>) = 4 [pid 5978] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5977] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5978] <... futex resumed>) = 1 [pid 5978] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5978] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5977] <... futex resumed>) = 0 [pid 5978] <... futex resumed>) = 1 [pid 5977] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5978] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5977] <... futex resumed>) = 0 [pid 5978] <... mmap resumed>) = 0x20000000 [pid 5977] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5978] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5978] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5977] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5977] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5977] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5979]}, 88) = 5979 [pid 5977] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5977] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5977] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5979 attached [pid 5979] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5979] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5979] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5979] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5978] <... futex resumed>) = ? [pid 5977] <... futex resumed>) = ? [pid 5978] +++ killed by SIGBUS +++ [pid 5979] +++ killed by SIGBUS +++ [pid 5977] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5977, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./317", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./317/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./317/binderfs") = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./317/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./317/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./317/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./317/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./317") = 0 mkdir("./318", 0777) = 0 [ 108.266301][ T5978] syz-executor183[5978]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 108.289304][ T5978] loop0: detected capacity change from 0 to 2048 [ 108.300067][ T5978] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5980 ./strace-static-x86_64: Process 5980 attached [pid 5980] set_robust_list(0x5555562186a0, 24) = 0 [pid 5980] chdir("./318") = 0 [pid 5980] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5980] setpgid(0, 0) = 0 [pid 5980] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5980] write(3, "1000", 4) = 4 [pid 5980] close(3) = 0 [pid 5980] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5980] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5980] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5980] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5981]}, 88) = 5981 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5981 attached [pid 5981] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5981] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5981] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5981] memfd_create("syzkaller", 0) = 3 [pid 5981] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5981] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5981] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5981] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5981] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5981] close(3) = 0 [pid 5981] mkdir("./file0", 0777) = 0 [pid 5981] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5981] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5981] chdir("./file0") = 0 [pid 5981] ioctl(4, LOOP_CLR_FD) = 0 [pid 5981] close(4) = 0 [pid 5981] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5981] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5980] <... futex resumed>) = 0 [pid 5981] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5980] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... open resumed>) = 4 [pid 5981] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5981] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5980] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5981] <... futex resumed>) = 0 [pid 5981] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5981] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5980] <... futex resumed>) = 0 [pid 5980] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5981] <... futex resumed>) = 1 [pid 5980] <... futex resumed>) = 0 [pid 5981] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5980] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5981] <... mmap resumed>) = 0x20000000 [pid 5980] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5980] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5981] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5981] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5980] <... rt_sigprocmask resumed>[], 8) = 0 [pid 5980] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5982 attached => {parent_tid=[5982]}, 88) = 5982 [pid 5980] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5980] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5980] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5982] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5982] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5982] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5982] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5981] <... futex resumed>) = ? [pid 5981] +++ killed by SIGBUS +++ [pid 5980] <... futex resumed>) = ? [pid 5982] +++ killed by SIGBUS +++ [pid 5980] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5980, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./318", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./318/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./318/binderfs") = 0 [ 108.391564][ T5981] loop0: detected capacity change from 0 to 2048 [ 108.405971][ T5981] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./318/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./318/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./318/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./318/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./318") = 0 mkdir("./319", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5983 attached [pid 5983] set_robust_list(0x5555562186a0, 24) = 0 [pid 5983] chdir("./319" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 5983 [pid 5983] <... chdir resumed>) = 0 [pid 5983] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5983] setpgid(0, 0) = 0 [pid 5983] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5983] write(3, "1000", 4) = 4 [pid 5983] close(3) = 0 [pid 5983] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5983] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5983] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5983] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5984 attached => {parent_tid=[5984]}, 88) = 5984 [pid 5984] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], [pid 5984] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5983] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5984] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5983] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5984] memfd_create("syzkaller", 0) = 3 [pid 5984] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5984] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5984] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5984] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5984] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5984] close(3) = 0 [pid 5984] mkdir("./file0", 0777) = 0 [pid 5984] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5984] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5984] chdir("./file0") = 0 [pid 5984] ioctl(4, LOOP_CLR_FD) = 0 [pid 5984] close(4) = 0 [pid 5984] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5984] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] <... futex resumed>) = 0 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5984] <... open resumed>) = 4 [pid 5984] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5983] <... futex resumed>) = 0 [pid 5983] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5984] <... futex resumed>) = 1 [pid 5984] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5984] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5983] <... futex resumed>) = 0 [pid 5984] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 5983] <... futex resumed>) = 0 [pid 5984] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5983] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5984] <... mmap resumed>) = 0x20000000 [pid 5983] <... futex resumed>) = 0 [pid 5983] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5983] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5984] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5984] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5983] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5983] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5985]}, 88) = 5985 [pid 5983] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5983] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5983] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5985 attached [pid 5985] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5985] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5985] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5985] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5984] <... futex resumed>) = ? [pid 5984] +++ killed by SIGBUS +++ [pid 5985] +++ killed by SIGBUS +++ [pid 5983] <... futex resumed>) = ? [pid 5983] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5983, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./319", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./319/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./319/binderfs") = 0 [ 108.512793][ T5984] loop0: detected capacity change from 0 to 2048 [ 108.523978][ T5984] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./319/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./319/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./319/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./319/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./319") = 0 mkdir("./320", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5986 attached , child_tidptr=0x555556218690) = 5986 [pid 5986] set_robust_list(0x5555562186a0, 24) = 0 [pid 5986] chdir("./320") = 0 [pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5986] setpgid(0, 0) = 0 [pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5986] write(3, "1000", 4) = 4 [pid 5986] close(3) = 0 [pid 5986] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5986] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5986] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5986] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5987]}, 88) = 5987 [pid 5986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5986] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5986] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 5987 attached [pid 5987] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5987] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5987] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5987] memfd_create("syzkaller", 0) = 3 [pid 5987] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5987] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5987] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5987] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5987] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5987] close(3) = 0 [pid 5987] mkdir("./file0", 0777) = 0 [pid 5987] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5987] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5987] chdir("./file0") = 0 [pid 5987] ioctl(4, LOOP_CLR_FD) = 0 [pid 5987] close(4) = 0 [pid 5987] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 1 [pid 5987] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5986] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... open resumed>) = 4 [pid 5987] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5987] <... futex resumed>) = 0 [pid 5987] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5987] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5987] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5986] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5987] <... futex resumed>) = 0 [pid 5986] <... futex resumed>) = 0 [pid 5987] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5986] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 5987] <... mmap resumed>) = 0x20000000 [pid 5987] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5987] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5986] <... mmap resumed>) = 0x7f3dc0d35000 [pid 5986] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5986] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5986] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5988 attached => {parent_tid=[5988]}, 88) = 5988 [pid 5988] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5988] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5988] rt_sigprocmask(SIG_SETMASK, [], [pid 5986] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5986] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5988] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5986] <... futex resumed>) = 0 [pid 5986] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5988] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5986] <... futex resumed>) = ? [pid 5988] +++ killed by SIGBUS +++ [pid 5987] <... futex resumed>) = ? [pid 5987] +++ killed by SIGBUS +++ [pid 5986] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5986, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./320", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./320/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./320/binderfs") = 0 [ 108.625016][ T5987] loop0: detected capacity change from 0 to 2048 [ 108.636413][ T5987] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./320/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./320/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./320/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./320/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./320") = 0 mkdir("./321", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5989 attached , child_tidptr=0x555556218690) = 5989 [pid 5989] set_robust_list(0x5555562186a0, 24) = 0 [pid 5989] chdir("./321") = 0 [pid 5989] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5989] setpgid(0, 0) = 0 [pid 5989] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5989] write(3, "1000", 4) = 4 [pid 5989] close(3) = 0 [pid 5989] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5989] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5989] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5989] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5990 attached => {parent_tid=[5990]}, 88) = 5990 [pid 5990] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 5989] rt_sigprocmask(SIG_SETMASK, [], [pid 5990] <... rseq resumed>) = 0 [pid 5989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5990] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5989] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5990] rt_sigprocmask(SIG_SETMASK, [], [pid 5989] <... futex resumed>) = 0 [pid 5990] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5990] memfd_create("syzkaller", 0) = 3 [pid 5990] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5990] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5990] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5990] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5990] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5990] close(3) = 0 [pid 5990] mkdir("./file0", 0777) = 0 [pid 5990] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5990] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5990] chdir("./file0") = 0 [pid 5990] ioctl(4, LOOP_CLR_FD) = 0 [pid 5990] close(4) = 0 [pid 5990] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5990] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] <... futex resumed>) = 0 [pid 5989] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5990] <... futex resumed>) = 0 [pid 5990] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5989] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... open resumed>) = 4 [pid 5990] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... futex resumed>) = 0 [pid 5989] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... futex resumed>) = 1 [pid 5990] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5990] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... futex resumed>) = 0 [pid 5989] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5989] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 5990] <... futex resumed>) = 1 [pid 5989] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 5990] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 5989] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5989] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5991]}, 88) = 5991 [pid 5989] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 5991 attached [pid 5991] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5991] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5990] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5989] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5991] rt_sigprocmask(SIG_SETMASK, [], [pid 5989] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5991] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5989] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5990] <... futex resumed>) = 0 [pid 5991] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5990] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5989] <... futex resumed>) = ? [pid 5990] <... futex resumed>) = ? [pid 5990] +++ killed by SIGBUS +++ [pid 5991] +++ killed by SIGBUS +++ [pid 5989] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5989, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./321", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./321/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./321/binderfs") = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 108.733349][ T5990] loop0: detected capacity change from 0 to 2048 [ 108.745327][ T5990] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./321/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./321/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./321/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./321/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./321") = 0 mkdir("./322", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 5992 ./strace-static-x86_64: Process 5992 attached [pid 5992] set_robust_list(0x5555562186a0, 24) = 0 [pid 5992] chdir("./322") = 0 [pid 5992] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5992] setpgid(0, 0) = 0 [pid 5992] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5992] write(3, "1000", 4) = 4 [pid 5992] close(3) = 0 [pid 5992] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5992] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5992] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5992] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5992] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[5993]}, 88) = 5993 ./strace-static-x86_64: Process 5993 attached [pid 5992] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5992] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5993] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5993] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5993] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5993] memfd_create("syzkaller", 0) = 3 [pid 5993] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5993] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5993] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5993] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5993] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5993] close(3) = 0 [pid 5993] mkdir("./file0", 0777) = 0 [pid 5993] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5993] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5993] chdir("./file0") = 0 [pid 5993] ioctl(4, LOOP_CLR_FD) = 0 [pid 5993] close(4) = 0 [pid 5993] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5993] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5992] <... futex resumed>) = 1 [pid 5992] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5993] <... open resumed>) = 4 [pid 5993] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] <... futex resumed>) = 0 [pid 5992] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5993] <... futex resumed>) = 0 [pid 5993] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5993] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5993] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] <... futex resumed>) = 1 [pid 5992] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 5992] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5993] <... futex resumed>) = 0 [pid 5993] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5993] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5992] <... mprotect resumed>) = 0 [pid 5993] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5992] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5992] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 5994 attached => {parent_tid=[5994]}, 88) = 5994 [pid 5994] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5992] rt_sigprocmask(SIG_SETMASK, [], [pid 5994] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5992] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5994] rt_sigprocmask(SIG_SETMASK, [], [pid 5992] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5994] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5992] <... futex resumed>) = 0 [pid 5994] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5992] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 5993] <... futex resumed>) = ? [pid 5993] +++ killed by SIGBUS +++ [pid 5994] +++ killed by SIGBUS +++ [pid 5992] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5992, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./322", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./322/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./322/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./322/binderfs") = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./322/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 108.849562][ T5993] loop0: detected capacity change from 0 to 2048 [ 108.866968][ T5993] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./322/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./322/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./322/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./322") = 0 mkdir("./323", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5995 attached , child_tidptr=0x555556218690) = 5995 [pid 5995] set_robust_list(0x5555562186a0, 24) = 0 [pid 5995] chdir("./323") = 0 [pid 5995] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5995] setpgid(0, 0) = 0 [pid 5995] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5995] write(3, "1000", 4) = 4 [pid 5995] close(3) = 0 [pid 5995] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5995] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5995] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5995] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5995] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 5996 attached => {parent_tid=[5996]}, 88) = 5996 [pid 5996] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], [pid 5996] set_robust_list(0x7f3dc90769a0, 24 [pid 5995] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5996] <... set_robust_list resumed>) = 0 [pid 5995] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] rt_sigprocmask(SIG_SETMASK, [], [pid 5995] <... futex resumed>) = 0 [pid 5996] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5995] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 5996] memfd_create("syzkaller", 0) = 3 [pid 5996] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5996] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 5996] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 5996] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 5996] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 5996] close(3) = 0 [pid 5996] mkdir("./file0", 0777) = 0 [pid 5996] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 5996] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 5996] chdir("./file0") = 0 [pid 5996] ioctl(4, LOOP_CLR_FD) = 0 [pid 5996] close(4) = 0 [pid 5996] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] <... futex resumed>) = 1 [pid 5996] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 5996] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5996] <... futex resumed>) = 1 [pid 5995] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 5996] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5996] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5995] <... futex resumed>) = 0 [pid 5995] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5996] <... futex resumed>) = 1 [pid 5995] <... futex resumed>) = 0 [pid 5996] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5995] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5995] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[5998]}, 88) = 5998 [pid 5995] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5995] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5995] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 5998 attached [pid 5998] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5998] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 5998] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 5998] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5996] <... futex resumed>) = ? [pid 5995] <... futex resumed>) = ? [pid 5998] +++ killed by SIGBUS +++ [pid 5996] +++ killed by SIGBUS +++ [pid 5995] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5995, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./323", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 108.962565][ T5996] loop0: detected capacity change from 0 to 2048 [ 108.973200][ T5996] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./323", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./323/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./323/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./323/binderfs") = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./323/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./323/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./323/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./323/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./323") = 0 mkdir("./324", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5999 attached , child_tidptr=0x555556218690) = 5999 [pid 5999] set_robust_list(0x5555562186a0, 24) = 0 [pid 5999] chdir("./324") = 0 [pid 5999] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5999] setpgid(0, 0) = 0 [pid 5999] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 5999] write(3, "1000", 4) = 4 [pid 5999] close(3) = 0 [pid 5999] symlink("/dev/binderfs", "./binderfs") = 0 [pid 5999] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 5999] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 5999] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6000 attached [pid 6000] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 5999] <... clone3 resumed> => {parent_tid=[6000]}, 88) = 6000 [pid 6000] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], [pid 6000] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6000] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5999] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = 0 [pid 5999] <... futex resumed>) = 1 [pid 5999] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6000] memfd_create("syzkaller", 0) = 3 [pid 6000] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6000] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6000] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6000] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6000] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6000] close(3) = 0 [pid 6000] mkdir("./file0", 0777) = 0 [pid 6000] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6000] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6000] chdir("./file0") = 0 [pid 6000] ioctl(4, LOOP_CLR_FD) = 0 [pid 6000] close(4) = 0 [pid 6000] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6000] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... open resumed>) = 4 [pid 6000] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 6000] <... futex resumed>) = 1 [pid 5999] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 5999] <... futex resumed>) = 0 [pid 5999] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 5999] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6000] <... futex resumed>) = 1 [pid 5999] <... futex resumed>) = 0 [pid 6000] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 5999] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6000] <... mmap resumed>) = 0x20000000 [pid 5999] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6000] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6000] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 5999] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5999] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 5999] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6001 attached [pid 6001] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 5999] <... clone3 resumed> => {parent_tid=[6001]}, 88) = 6001 [pid 6001] set_robust_list(0x7f3dc0d559a0, 24 [pid 5999] rt_sigprocmask(SIG_SETMASK, [], [pid 6001] <... set_robust_list resumed>) = 0 [pid 5999] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6001] rt_sigprocmask(SIG_SETMASK, [], [pid 5999] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6001] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 5999] <... futex resumed>) = 0 [pid 6001] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 5999] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6000] <... futex resumed>) = ? [pid 6001] +++ killed by SIGBUS +++ [pid 6000] +++ killed by SIGBUS +++ [pid 5999] <... futex resumed>) = ? [pid 5999] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5999, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./324", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./324/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./324/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./324/binderfs") = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./324/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./324/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./324/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./324/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./324") = 0 mkdir("./325", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 109.079883][ T6000] loop0: detected capacity change from 0 to 2048 [ 109.092240][ T6000] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6002 ./strace-static-x86_64: Process 6002 attached [pid 6002] set_robust_list(0x5555562186a0, 24) = 0 [pid 6002] chdir("./325") = 0 [pid 6002] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6002] setpgid(0, 0) = 0 [pid 6002] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6002] write(3, "1000", 4) = 4 [pid 6002] close(3) = 0 [pid 6002] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6002] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6002] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6002] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6003]}, 88) = 6003 [pid 6002] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6002] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6003 attached ) = 0 [pid 6002] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6003] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6003] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6003] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6003] memfd_create("syzkaller", 0) = 3 [pid 6003] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6003] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6003] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6003] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6003] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6003] close(3) = 0 [pid 6003] mkdir("./file0", 0777) = 0 [pid 6003] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6003] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6003] chdir("./file0") = 0 [pid 6003] ioctl(4, LOOP_CLR_FD) = 0 [pid 6003] close(4) = 0 [pid 6003] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6003] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6003] <... futex resumed>) = 0 [pid 6003] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6002] <... futex resumed>) = 1 [pid 6002] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6003] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6003] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] <... futex resumed>) = 0 [pid 6002] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6002] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6003] <... futex resumed>) = 0 [pid 6003] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6002] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6002] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6003] <... mmap resumed>) = 0x20000000 [pid 6002] <... mprotect resumed>) = 0 [pid 6002] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6002] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6003] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6004 attached [pid 6004] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6004] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6004] rt_sigprocmask(SIG_SETMASK, [], [pid 6003] <... futex resumed>) = 0 [pid 6003] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6004] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6004] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6002] <... clone3 resumed> => {parent_tid=[6004]}, 88) = 6004 [pid 6002] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6002] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6002] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6004] <... futex resumed>) = 0 [pid 6004] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6002] <... futex resumed>) = ? [pid 6004] +++ killed by SIGBUS +++ [pid 6003] <... futex resumed>) = ? [pid 6003] +++ killed by SIGBUS +++ [pid 6002] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6002, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./325", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./325/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./325/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./325/binderfs") = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./325/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./325/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./325/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./325/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./325") = 0 mkdir("./326", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 109.178245][ T6003] loop0: detected capacity change from 0 to 2048 [ 109.189952][ T6003] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6006 ./strace-static-x86_64: Process 6006 attached [pid 6006] set_robust_list(0x5555562186a0, 24) = 0 [pid 6006] chdir("./326") = 0 [pid 6006] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6006] setpgid(0, 0) = 0 [pid 6006] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6006] write(3, "1000", 4) = 4 [pid 6006] close(3) = 0 [pid 6006] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6006] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6006] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6006] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6006] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6006] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6007 attached => {parent_tid=[6007]}, 88) = 6007 [pid 6007] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], [pid 6007] set_robust_list(0x7f3dc90769a0, 24 [pid 6006] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6007] <... set_robust_list resumed>) = 0 [pid 6006] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] rt_sigprocmask(SIG_SETMASK, [], [pid 6006] <... futex resumed>) = 0 [pid 6007] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6006] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6007] memfd_create("syzkaller", 0) = 3 [pid 6007] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6007] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6007] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6007] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6007] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6007] close(3) = 0 [pid 6007] mkdir("./file0", 0777) = 0 [pid 6007] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6007] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6007] chdir("./file0") = 0 [pid 6007] ioctl(4, LOOP_CLR_FD) = 0 [pid 6007] close(4) = 0 [pid 6007] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6007] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6007] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... open resumed>) = 4 [pid 6007] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6007] <... futex resumed>) = 1 [pid 6006] <... futex resumed>) = 0 [pid 6007] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6006] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6007] <... open resumed>) = 5 [pid 6007] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6006] <... futex resumed>) = 0 [pid 6006] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6007] <... futex resumed>) = 1 [pid 6006] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6007] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6007] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6007] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6006] <... clone3 resumed> => {parent_tid=[6008]}, 88) = 6008 [pid 6006] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6006] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6006] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6008 attached [pid 6008] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6008] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6008] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6008] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6007] <... futex resumed>) = ? [pid 6006] <... futex resumed>) = ? [pid 6007] +++ killed by SIGBUS +++ [pid 6008] +++ killed by SIGBUS +++ [pid 6006] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6006, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./326", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./326/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./326/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./326/binderfs") = 0 [ 109.331318][ T6007] loop0: detected capacity change from 0 to 2048 [ 109.342882][ T6007] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./326/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./326/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./326/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./326/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./326") = 0 mkdir("./327", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6009 attached , child_tidptr=0x555556218690) = 6009 [pid 6009] set_robust_list(0x5555562186a0, 24) = 0 [pid 6009] chdir("./327") = 0 [pid 6009] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6009] setpgid(0, 0) = 0 [pid 6009] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6009] write(3, "1000", 4) = 4 [pid 6009] close(3) = 0 [pid 6009] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6009] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6009] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6009] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6010 attached => {parent_tid=[6010]}, 88) = 6010 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6009] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6010] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6010] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6010] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6010] memfd_create("syzkaller", 0) = 3 [pid 6010] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6010] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6010] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6010] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6010] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6010] close(3) = 0 [pid 6010] mkdir("./file0", 0777) = 0 [pid 6010] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6010] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6010] chdir("./file0") = 0 [pid 6010] ioctl(4, LOOP_CLR_FD) = 0 [pid 6010] close(4) = 0 [pid 6010] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] <... futex resumed>) = 0 [pid 6009] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6010] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6010] <... futex resumed>) = 0 [pid 6009] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6010] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6009] <... futex resumed>) = 0 [pid 6010] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6010] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6010] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6009] <... futex resumed>) = 0 [pid 6009] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6009] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6010] <... mmap resumed>) = 0x20000000 [pid 6009] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6010] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6010] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6009] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6009] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6009] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6011 attached => {parent_tid=[6011]}, 88) = 6011 [pid 6011] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6009] rt_sigprocmask(SIG_SETMASK, [], [pid 6011] set_robust_list(0x7f3dc0d559a0, 24 [pid 6009] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6011] <... set_robust_list resumed>) = 0 [pid 6009] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6011] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6009] <... futex resumed>) = 0 [pid 6011] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6009] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6010] <... futex resumed>) = ? [pid 6009] <... futex resumed>) = ? [pid 6011] +++ killed by SIGBUS +++ [pid 6010] +++ killed by SIGBUS +++ [pid 6009] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6009, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./327", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./327/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./327/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./327/binderfs") = 0 [ 109.448069][ T6010] loop0: detected capacity change from 0 to 2048 [ 109.459657][ T6010] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./327/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./327/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./327/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./327/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./327") = 0 mkdir("./328", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6012 ./strace-static-x86_64: Process 6012 attached [pid 6012] set_robust_list(0x5555562186a0, 24) = 0 [pid 6012] chdir("./328") = 0 [pid 6012] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6012] setpgid(0, 0) = 0 [pid 6012] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6012] write(3, "1000", 4) = 4 [pid 6012] close(3) = 0 [pid 6012] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6012] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6012] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6012] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6013]}, 88) = 6013 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6012] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6013 attached [pid 6013] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6013] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6013] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6013] memfd_create("syzkaller", 0) = 3 [pid 6013] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6013] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6013] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6013] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6013] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6013] close(3) = 0 [pid 6013] mkdir("./file0", 0777) = 0 [pid 6013] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6013] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6013] chdir("./file0") = 0 [pid 6013] ioctl(4, LOOP_CLR_FD) = 0 [pid 6013] close(4) = 0 [pid 6013] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6012] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6013] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6013] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6012] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] <... open resumed>) = 5 [pid 6012] <... futex resumed>) = 0 [pid 6012] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6013] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6012] <... futex resumed>) = 0 [pid 6013] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6012] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6013] <... mmap resumed>) = 0x20000000 [pid 6012] <... futex resumed>) = 0 [pid 6012] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6012] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6013] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6013] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6012] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6012] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6012] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6012] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6014 attached [pid 6014] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6014] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6014] rt_sigprocmask(SIG_SETMASK, [], [pid 6012] <... clone3 resumed> => {parent_tid=[6014]}, 88) = 6014 [pid 6014] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6012] rt_sigprocmask(SIG_SETMASK, [], [pid 6014] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6012] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6012] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6014] <... futex resumed>) = 0 [pid 6014] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6012] <... futex resumed>) = 1 [pid 6012] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6014] +++ killed by SIGBUS +++ [pid 6013] <... futex resumed>) = ? [pid 6013] +++ killed by SIGBUS +++ [pid 6012] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6012, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 [ 109.560751][ T6013] loop0: detected capacity change from 0 to 2048 [ 109.572332][ T6013] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./328", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./328/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./328/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./328/binderfs") = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./328/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./328/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./328/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./328/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./328") = 0 mkdir("./329", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6015 attached , child_tidptr=0x555556218690) = 6015 [pid 6015] set_robust_list(0x5555562186a0, 24) = 0 [pid 6015] chdir("./329") = 0 [pid 6015] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6015] setpgid(0, 0) = 0 [pid 6015] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6015] write(3, "1000", 4) = 4 [pid 6015] close(3) = 0 [pid 6015] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6015] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6015] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6015] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6016]}, 88) = 6016 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6015] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6015] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6016 attached [pid 6016] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6016] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6016] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6016] memfd_create("syzkaller", 0) = 3 [pid 6016] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6016] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6016] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6016] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6016] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6016] close(3) = 0 [pid 6016] mkdir("./file0", 0777) = 0 [pid 6016] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6016] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6016] chdir("./file0") = 0 [pid 6016] ioctl(4, LOOP_CLR_FD) = 0 [pid 6016] close(4) = 0 [pid 6016] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6016] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... futex resumed>) = 0 [pid 6015] <... futex resumed>) = 1 [pid 6016] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6015] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... open resumed>) = 4 [pid 6016] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6015] <... futex resumed>) = 0 [pid 6016] <... open resumed>) = 5 [pid 6015] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6015] <... futex resumed>) = 0 [pid 6016] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6015] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6016] <... mmap resumed>) = 0x20000000 [pid 6015] <... futex resumed>) = 0 [pid 6015] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6016] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6015] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6015] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6015] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6015] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6017 attached [pid 6017] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6015] <... clone3 resumed> => {parent_tid=[6017]}, 88) = 6017 [pid 6017] <... rseq resumed>) = 0 [pid 6015] rt_sigprocmask(SIG_SETMASK, [], [pid 6017] set_robust_list(0x7f3dc0d559a0, 24 [pid 6015] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6017] <... set_robust_list resumed>) = 0 [pid 6015] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6017] rt_sigprocmask(SIG_SETMASK, [], [pid 6015] <... futex resumed>) = 0 [pid 6017] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6017] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6015] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6016] <... futex resumed>) = ? [pid 6015] <... futex resumed>) = ? [pid 6016] +++ killed by SIGBUS +++ [pid 6017] +++ killed by SIGBUS +++ [pid 6015] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6015, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./329", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./329/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./329/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./329/binderfs") = 0 [ 109.680947][ T6016] loop0: detected capacity change from 0 to 2048 [ 109.693921][ T6016] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./329/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./329/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./329/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./329/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./329") = 0 mkdir("./330", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6018 attached , child_tidptr=0x555556218690) = 6018 [pid 6018] set_robust_list(0x5555562186a0, 24) = 0 [pid 6018] chdir("./330") = 0 [pid 6018] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6018] setpgid(0, 0) = 0 [pid 6018] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6018] write(3, "1000", 4) = 4 [pid 6018] close(3) = 0 [pid 6018] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6018] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6018] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6018] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6018] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6019 attached => {parent_tid=[6019]}, 88) = 6019 [pid 6019] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 6019] <... rseq resumed>) = 0 [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6019] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6018] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] <... futex resumed>) = 0 [pid 6019] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6019] memfd_create("syzkaller", 0) = 3 [pid 6019] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6019] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6019] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6019] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6019] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6019] close(3) = 0 [pid 6019] mkdir("./file0", 0777) = 0 [pid 6019] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6019] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6019] chdir("./file0") = 0 [pid 6019] ioctl(4, LOOP_CLR_FD) = 0 [pid 6019] close(4) = 0 [pid 6019] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6019] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = 1 [pid 6019] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6018] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6019] <... open resumed>) = 4 [pid 6019] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6018] <... futex resumed>) = 0 [pid 6019] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6018] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... open resumed>) = 5 [pid 6018] <... futex resumed>) = 0 [pid 6019] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6018] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6019] <... futex resumed>) = 0 [pid 6018] <... futex resumed>) = 1 [pid 6019] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6018] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] <... mmap resumed>) = 0x20000000 [pid 6018] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6019] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6019] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6018] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6018] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6018] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6018] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6021 attached => {parent_tid=[6021]}, 88) = 6021 [pid 6021] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6018] rt_sigprocmask(SIG_SETMASK, [], [pid 6021] set_robust_list(0x7f3dc0d559a0, 24 [pid 6018] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6021] <... set_robust_list resumed>) = 0 [pid 6021] rt_sigprocmask(SIG_SETMASK, [], [pid 6018] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6021] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6018] <... futex resumed>) = 0 [pid 6018] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6021] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6019] <... futex resumed>) = ? [pid 6018] <... futex resumed>) = ? [pid 6019] +++ killed by SIGBUS +++ [pid 6021] +++ killed by SIGBUS +++ [pid 6018] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6018, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./330", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./330/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./330/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./330/binderfs") = 0 [ 109.786457][ T6019] loop0: detected capacity change from 0 to 2048 [ 109.798602][ T6019] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./330/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./330/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./330/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./330/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./330") = 0 mkdir("./331", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6023 attached , child_tidptr=0x555556218690) = 6023 [pid 6023] set_robust_list(0x5555562186a0, 24) = 0 [pid 6023] chdir("./331") = 0 [pid 6023] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6023] setpgid(0, 0) = 0 [pid 6023] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6023] write(3, "1000", 4) = 4 [pid 6023] close(3) = 0 [pid 6023] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6023] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6023] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6023] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6024 attached => {parent_tid=[6024]}, 88) = 6024 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6024] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6023] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6024] <... rseq resumed>) = 0 [pid 6024] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6024] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6024] memfd_create("syzkaller", 0) = 3 [pid 6024] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6024] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6024] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6024] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6024] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6024] close(3) = 0 [pid 6024] mkdir("./file0", 0777) = 0 [pid 6024] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6024] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6024] chdir("./file0") = 0 [pid 6024] ioctl(4, LOOP_CLR_FD) = 0 [pid 6024] close(4) = 0 [pid 6024] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6024] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6024] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] <... futex resumed>) = 1 [pid 6024] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6024] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6023] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6023] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6023] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6023] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6025 attached => {parent_tid=[6025]}, 88) = 6025 [pid 6025] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6023] rt_sigprocmask(SIG_SETMASK, [], [pid 6025] <... rseq resumed>) = 0 [pid 6024] <... futex resumed>) = 1 [pid 6023] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6025] set_robust_list(0x7f3dc0d559a0, 24 [pid 6024] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6023] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6025] <... set_robust_list resumed>) = 0 [pid 6024] <... mmap resumed>) = 0x20000000 [pid 6023] <... futex resumed>) = 0 [pid 6023] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6024] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6024] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6025] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6025] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6024] <... futex resumed>) = ? [pid 6024] +++ killed by SIGBUS +++ [pid 6023] <... futex resumed>) = ? [pid 6025] +++ killed by SIGBUS +++ [pid 6023] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6023, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./331", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./331/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./331/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./331/binderfs") = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./331/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./331/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./331/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./331/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./331") = 0 mkdir("./332", 0777) = 0 [ 109.909972][ T6024] loop0: detected capacity change from 0 to 2048 [ 109.922654][ T6024] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6026 ./strace-static-x86_64: Process 6026 attached [pid 6026] set_robust_list(0x5555562186a0, 24) = 0 [pid 6026] chdir("./332") = 0 [pid 6026] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6026] setpgid(0, 0) = 0 [pid 6026] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6026] write(3, "1000", 4) = 4 [pid 6026] close(3) = 0 [pid 6026] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6026] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6026] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6026] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6027]}, 88) = 6027 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6026] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6027 attached [pid 6027] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6027] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6027] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6027] memfd_create("syzkaller", 0) = 3 [pid 6027] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6027] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6027] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6027] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6027] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6027] close(3) = 0 [pid 6027] mkdir("./file0", 0777) = 0 [pid 6027] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6027] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6027] chdir("./file0") = 0 [pid 6027] ioctl(4, LOOP_CLR_FD) = 0 [pid 6027] close(4) = 0 [pid 6027] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6026] <... futex resumed>) = 0 [pid 6027] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6026] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... open resumed>) = 4 [pid 6027] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6027] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... futex resumed>) = 0 [pid 6026] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = 1 [pid 6027] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6026] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6027] <... open resumed>) = 5 [pid 6027] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6026] <... futex resumed>) = 0 [pid 6027] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... futex resumed>) = 0 [pid 6026] <... futex resumed>) = 1 [pid 6027] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6026] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6027] <... mmap resumed>) = 0x20000000 [pid 6026] <... futex resumed>) = 0 [pid 6026] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6027] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6026] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6027] <... futex resumed>) = 0 [pid 6026] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6027] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6026] <... mprotect resumed>) = 0 [pid 6026] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6026] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6029 attached => {parent_tid=[6029]}, 88) = 6029 [pid 6026] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6026] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6026] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6029] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6029] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6029] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6029] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6027] <... futex resumed>) = ? [pid 6029] +++ killed by SIGBUS +++ [pid 6027] +++ killed by SIGBUS +++ [pid 6026] <... futex resumed>) = ? [pid 6026] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6026, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./332", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 [ 110.018102][ T6027] loop0: detected capacity change from 0 to 2048 [ 110.029954][ T6027] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./332/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./332/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./332/binderfs") = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./332/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./332/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./332/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./332/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./332") = 0 mkdir("./333", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6030 attached , child_tidptr=0x555556218690) = 6030 [pid 6030] set_robust_list(0x5555562186a0, 24) = 0 [pid 6030] chdir("./333") = 0 [pid 6030] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6030] setpgid(0, 0) = 0 [pid 6030] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6030] write(3, "1000", 4) = 4 [pid 6030] close(3) = 0 [pid 6030] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6030] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6030] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6030] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6031 attached [pid 6031] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6030] <... clone3 resumed> => {parent_tid=[6031]}, 88) = 6031 [pid 6031] <... rseq resumed>) = 0 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], [pid 6031] set_robust_list(0x7f3dc90769a0, 24 [pid 6030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6031] <... set_robust_list resumed>) = 0 [pid 6031] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6030] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] memfd_create("syzkaller", 0 [pid 6030] <... futex resumed>) = 0 [pid 6030] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6031] <... memfd_create resumed>) = 3 [pid 6031] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6031] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6031] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6031] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6031] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6031] close(3) = 0 [pid 6031] mkdir("./file0", 0777) = 0 [pid 6031] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6031] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6031] chdir("./file0") = 0 [pid 6031] ioctl(4, LOOP_CLR_FD) = 0 [pid 6031] close(4) = 0 [pid 6031] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6031] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] <... futex resumed>) = 0 [pid 6030] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 0 [pid 6030] <... futex resumed>) = 1 [pid 6031] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6030] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] <... open resumed>) = 4 [pid 6031] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 0 [pid 6031] <... futex resumed>) = 1 [pid 6030] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6030] <... futex resumed>) = 0 [pid 6031] <... open resumed>) = 5 [pid 6030] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6031] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] <... futex resumed>) = 0 [pid 6030] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6030] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6031] <... futex resumed>) = 1 [pid 6030] <... futex resumed>) = 0 [pid 6031] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6030] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6031] <... mmap resumed>) = 0x20000000 [pid 6030] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6030] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6030] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6032 attached => {parent_tid=[6032]}, 88) = 6032 [pid 6031] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6030] rt_sigprocmask(SIG_SETMASK, [], [pid 6031] <... futex resumed>) = 0 [pid 6030] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6031] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6030] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6032] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6030] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6032] <... rseq resumed>) = 0 [pid 6032] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6032] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6032] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6030] <... futex resumed>) = ? [pid 6031] <... futex resumed>) = ? [pid 6031] +++ killed by SIGBUS +++ [pid 6032] +++ killed by SIGBUS +++ [pid 6030] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6030, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./333", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./333/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./333/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./333/binderfs") = 0 [ 110.148272][ T6031] loop0: detected capacity change from 0 to 2048 [ 110.160707][ T6031] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./333/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./333/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./333/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./333/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./333") = 0 mkdir("./334", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6033 ./strace-static-x86_64: Process 6033 attached [pid 6033] set_robust_list(0x5555562186a0, 24) = 0 [pid 6033] chdir("./334") = 0 [pid 6033] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6033] setpgid(0, 0) = 0 [pid 6033] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6033] write(3, "1000", 4) = 4 [pid 6033] close(3) = 0 [pid 6033] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6033] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6033] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6033] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6033] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6033] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6034]}, 88) = 6034 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6033] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6034 attached [pid 6034] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6034] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6034] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6034] memfd_create("syzkaller", 0) = 3 [pid 6034] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6034] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6034] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6034] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6034] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6034] close(3) = 0 [pid 6034] mkdir("./file0", 0777) = 0 [pid 6034] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6034] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6034] chdir("./file0") = 0 [pid 6034] ioctl(4, LOOP_CLR_FD) = 0 [pid 6034] close(4) = 0 [pid 6034] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6033] <... futex resumed>) = 0 [pid 6033] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6034] <... futex resumed>) = 0 [pid 6034] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6034] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] <... futex resumed>) = 1 [pid 6034] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6033] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6033] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6034] <... futex resumed>) = 0 [pid 6034] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6033] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6034] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6033] <... futex resumed>) = 0 [pid 6033] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6033] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6034] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6034] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6035 attached [pid 6035] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6034] <... futex resumed>) = 0 [pid 6035] <... rseq resumed>) = 0 [pid 6034] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6033] <... clone3 resumed> => {parent_tid=[6035]}, 88) = 6035 [pid 6035] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6035] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6033] rt_sigprocmask(SIG_SETMASK, [], [pid 6035] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6033] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6035] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6033] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6035] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6033] <... futex resumed>) = 0 [pid 6033] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6034] <... futex resumed>) = ? [pid 6033] <... futex resumed>) = ? [pid 6035] +++ killed by SIGBUS +++ [pid 6034] +++ killed by SIGBUS +++ [pid 6033] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6033, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./334", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./334/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./334/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./334/binderfs") = 0 [ 110.262500][ T6034] loop0: detected capacity change from 0 to 2048 [ 110.274377][ T6034] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./334/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./334/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./334/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./334/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./334") = 0 mkdir("./335", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6036 ./strace-static-x86_64: Process 6036 attached [pid 6036] set_robust_list(0x5555562186a0, 24) = 0 [pid 6036] chdir("./335") = 0 [pid 6036] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6036] setpgid(0, 0) = 0 [pid 6036] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6036] write(3, "1000", 4) = 4 [pid 6036] close(3) = 0 [pid 6036] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6036] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6036] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6036] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6037 attached [pid 6037] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6036] <... clone3 resumed> => {parent_tid=[6037]}, 88) = 6037 [pid 6037] <... rseq resumed>) = 0 [pid 6037] set_robust_list(0x7f3dc90769a0, 24 [pid 6036] rt_sigprocmask(SIG_SETMASK, [], [pid 6037] <... set_robust_list resumed>) = 0 [pid 6036] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6037] rt_sigprocmask(SIG_SETMASK, [], [pid 6036] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6037] memfd_create("syzkaller", 0 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6037] <... memfd_create resumed>) = 3 [pid 6037] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6037] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6037] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6037] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6037] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6037] close(3) = 0 [pid 6037] mkdir("./file0", 0777) = 0 [pid 6037] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6037] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6037] chdir("./file0") = 0 [pid 6037] ioctl(4, LOOP_CLR_FD) = 0 [pid 6037] close(4) = 0 [pid 6037] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6037] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6036] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] <... open resumed>) = 4 [pid 6037] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6037] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... futex resumed>) = 0 [pid 6036] <... futex resumed>) = 1 [pid 6036] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6037] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6037] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6036] <... futex resumed>) = 0 [pid 6037] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6036] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] <... mmap resumed>) = 0x20000000 [pid 6036] <... futex resumed>) = 0 [pid 6036] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6037] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6036] <... futex resumed>) = 0 [pid 6037] <... futex resumed>) = 0 [pid 6036] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6037] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6036] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6036] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6036] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6036] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6038 attached => {parent_tid=[6038]}, 88) = 6038 [pid 6036] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6036] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6036] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6038] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6038] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6038] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6038] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6037] <... futex resumed>) = ? [pid 6036] <... futex resumed>) = ? [pid 6038] +++ killed by SIGBUS +++ [pid 6037] +++ killed by SIGBUS +++ [pid 6036] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6036, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./335", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./335/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./335/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./335/binderfs") = 0 [ 110.387578][ T6037] loop0: detected capacity change from 0 to 2048 [ 110.398934][ T6037] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./335/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./335/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./335/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./335/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./335") = 0 mkdir("./336", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6039 attached , child_tidptr=0x555556218690) = 6039 [pid 6039] set_robust_list(0x5555562186a0, 24) = 0 [pid 6039] chdir("./336") = 0 [pid 6039] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6039] setpgid(0, 0) = 0 [pid 6039] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6039] write(3, "1000", 4) = 4 [pid 6039] close(3) = 0 [pid 6039] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6039] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6039] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6039] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6040 attached [pid 6040] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6039] <... clone3 resumed> => {parent_tid=[6040]}, 88) = 6040 [pid 6040] <... rseq resumed>) = 0 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], [pid 6040] set_robust_list(0x7f3dc90769a0, 24 [pid 6039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6040] <... set_robust_list resumed>) = 0 [pid 6039] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6040] rt_sigprocmask(SIG_SETMASK, [], [pid 6039] <... futex resumed>) = 0 [pid 6040] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6040] memfd_create("syzkaller", 0) = 3 [pid 6040] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6040] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6040] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6040] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6040] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6040] close(3) = 0 [pid 6040] mkdir("./file0", 0777) = 0 [pid 6040] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6040] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6040] chdir("./file0") = 0 [pid 6040] ioctl(4, LOOP_CLR_FD) = 0 [pid 6040] close(4) = 0 [pid 6040] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] <... futex resumed>) = 1 [pid 6040] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6040] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6039] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6040] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6040] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] <... futex resumed>) = 0 [pid 6040] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6039] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6040] <... futex resumed>) = 0 [pid 6040] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6039] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6040] <... mmap resumed>) = 0x20000000 [pid 6040] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6040] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6039] <... mprotect resumed>) = 0 [pid 6039] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6039] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6041 attached => {parent_tid=[6041]}, 88) = 6041 [pid 6039] rt_sigprocmask(SIG_SETMASK, [], [pid 6041] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6039] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6039] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6039] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6041] <... rseq resumed>) = 0 [pid 6041] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6041] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6041] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6040] <... futex resumed>) = ? [pid 6040] +++ killed by SIGBUS +++ [pid 6039] <... futex resumed>) = ? [pid 6041] +++ killed by SIGBUS +++ [pid 6039] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6039, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./336", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./336/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./336/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./336/binderfs") = 0 [ 110.500474][ T6040] loop0: detected capacity change from 0 to 2048 [ 110.512523][ T6040] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./336/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./336/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./336/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./336/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./336") = 0 mkdir("./337", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6042 attached , child_tidptr=0x555556218690) = 6042 [pid 6042] set_robust_list(0x5555562186a0, 24) = 0 [pid 6042] chdir("./337") = 0 [pid 6042] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6042] setpgid(0, 0) = 0 [pid 6042] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6042] write(3, "1000", 4) = 4 [pid 6042] close(3) = 0 [pid 6042] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6042] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6042] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6042] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6043 attached [pid 6043] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6042] <... clone3 resumed> => {parent_tid=[6043]}, 88) = 6043 [pid 6043] <... rseq resumed>) = 0 [pid 6042] rt_sigprocmask(SIG_SETMASK, [], [pid 6043] set_robust_list(0x7f3dc90769a0, 24 [pid 6042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6043] <... set_robust_list resumed>) = 0 [pid 6042] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] rt_sigprocmask(SIG_SETMASK, [], [pid 6042] <... futex resumed>) = 0 [pid 6043] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6043] memfd_create("syzkaller", 0) = 3 [pid 6043] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6043] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6043] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6043] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6043] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6043] close(3) = 0 [pid 6043] mkdir("./file0", 0777) = 0 [pid 6043] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6043] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6043] chdir("./file0") = 0 [pid 6043] ioctl(4, LOOP_CLR_FD) = 0 [pid 6043] close(4) = 0 [pid 6043] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6042] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6043] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] <... futex resumed>) = 1 [pid 6043] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6042] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6043] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6042] <... futex resumed>) = 0 [pid 6042] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] <... futex resumed>) = 1 [pid 6042] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6043] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6042] <... futex resumed>) = 0 [pid 6043] <... mmap resumed>) = 0x20000000 [pid 6042] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6042] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6043] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6043] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] <... mprotect resumed>) = 0 [pid 6042] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6042] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6044 attached [pid 6044] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6044] set_robust_list(0x7f3dc0d559a0, 24 [pid 6042] <... clone3 resumed> => {parent_tid=[6044]}, 88) = 6044 [pid 6044] <... set_robust_list resumed>) = 0 [pid 6044] rt_sigprocmask(SIG_SETMASK, [], [pid 6042] rt_sigprocmask(SIG_SETMASK, [], [pid 6044] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6042] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6044] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6042] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6044] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6044] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6042] <... futex resumed>) = 0 [pid 6043] <... futex resumed>) = ? [pid 6044] +++ killed by SIGBUS +++ [pid 6043] +++ killed by SIGBUS +++ [pid 6042] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6042, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./337", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./337/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./337/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./337/binderfs") = 0 [ 110.602230][ T6043] loop0: detected capacity change from 0 to 2048 [ 110.616378][ T6043] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./337/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./337/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./337/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./337/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./337") = 0 mkdir("./338", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6045 attached , child_tidptr=0x555556218690) = 6045 [pid 6045] set_robust_list(0x5555562186a0, 24) = 0 [pid 6045] chdir("./338") = 0 [pid 6045] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6045] setpgid(0, 0) = 0 [pid 6045] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6045] write(3, "1000", 4) = 4 [pid 6045] close(3) = 0 [pid 6045] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6045] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6045] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6045] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6046 attached [pid 6046] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6045] <... clone3 resumed> => {parent_tid=[6046]}, 88) = 6046 [pid 6046] <... rseq resumed>) = 0 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], [pid 6046] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6046] rt_sigprocmask(SIG_SETMASK, [], [pid 6045] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6046] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6045] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6046] memfd_create("syzkaller", 0) = 3 [pid 6046] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6046] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6046] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6046] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6046] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6046] close(3) = 0 [pid 6046] mkdir("./file0", 0777) = 0 [pid 6046] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6046] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6046] chdir("./file0") = 0 [pid 6046] ioctl(4, LOOP_CLR_FD) = 0 [pid 6046] close(4) = 0 [pid 6046] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] <... futex resumed>) = 1 [pid 6046] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6046] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6046] <... futex resumed>) = 1 [pid 6045] <... futex resumed>) = 0 [pid 6046] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6045] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6046] <... open resumed>) = 5 [pid 6046] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6045] <... futex resumed>) = 0 [pid 6045] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] <... futex resumed>) = 1 [pid 6045] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6046] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6045] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6046] <... mmap resumed>) = 0x20000000 [pid 6045] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6045] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6045] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6046] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6046] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6045] <... clone3 resumed> => {parent_tid=[6047]}, 88) = 6047 [pid 6045] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6045] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6045] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6047 attached [pid 6047] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6047] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6047] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6047] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6046] <... futex resumed>) = ? [pid 6045] <... futex resumed>) = ? [pid 6047] +++ killed by SIGBUS +++ [pid 6046] +++ killed by SIGBUS +++ [pid 6045] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6045, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./338", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./338/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./338/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./338/binderfs") = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./338/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./338/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./338/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./338/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 [ 110.720066][ T6046] loop0: detected capacity change from 0 to 2048 [ 110.731314][ T6046] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 rmdir("./338") = 0 mkdir("./339", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6048 attached , child_tidptr=0x555556218690) = 6048 [pid 6048] set_robust_list(0x5555562186a0, 24) = 0 [pid 6048] chdir("./339") = 0 [pid 6048] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6048] setpgid(0, 0) = 0 [pid 6048] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6048] write(3, "1000", 4) = 4 [pid 6048] close(3) = 0 [pid 6048] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6048] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6048] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6048] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6049]}, 88) = 6049 [pid 6048] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6049 attached [pid 6049] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6049] set_robust_list(0x7f3dc90769a0, 24 [pid 6048] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6049] <... set_robust_list resumed>) = 0 [pid 6048] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6049] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6049] memfd_create("syzkaller", 0) = 3 [pid 6049] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6049] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6049] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6049] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6049] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6049] close(3) = 0 [pid 6049] mkdir("./file0", 0777) = 0 [pid 6049] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6049] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6049] chdir("./file0") = 0 [pid 6049] ioctl(4, LOOP_CLR_FD) = 0 [pid 6049] close(4) = 0 [pid 6049] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6048] <... futex resumed>) = 0 [pid 6049] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = 0 [pid 6048] <... futex resumed>) = 1 [pid 6049] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6048] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... open resumed>) = 4 [pid 6049] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = 0 [pid 6048] <... futex resumed>) = 1 [pid 6049] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6048] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6049] <... open resumed>) = 5 [pid 6049] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6049] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] <... futex resumed>) = 0 [pid 6048] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... futex resumed>) = 0 [pid 6048] <... futex resumed>) = 1 [pid 6049] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6048] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6049] <... mmap resumed>) = 0x20000000 [pid 6048] <... futex resumed>) = 0 [pid 6049] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6048] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6049] <... futex resumed>) = 0 [pid 6048] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6049] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6048] <... mprotect resumed>) = 0 [pid 6048] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6048] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6050]}, 88) = 6050 [pid 6048] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6048] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6048] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6050 attached [pid 6050] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6050] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6050] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6050] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6049] <... futex resumed>) = ? [pid 6048] <... futex resumed>) = ? [pid 6049] +++ killed by SIGBUS +++ [pid 6050] +++ killed by SIGBUS +++ [pid 6048] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6048, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./339", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./339/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./339/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./339/binderfs") = 0 [ 110.830792][ T6049] loop0: detected capacity change from 0 to 2048 [ 110.842089][ T6049] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./339/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./339/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./339/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./339/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./339") = 0 mkdir("./340", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6051 attached [pid 6051] set_robust_list(0x5555562186a0, 24) = 0 [pid 6051] chdir("./340") = 0 [pid 6051] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6051] setpgid(0, 0) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6051 [pid 6051] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6051] write(3, "1000", 4) = 4 [pid 6051] close(3) = 0 [pid 6051] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6051] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6051] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6051] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6052 attached [pid 6052] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6051] <... clone3 resumed> => {parent_tid=[6052]}, 88) = 6052 [pid 6051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6051] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6052] <... rseq resumed>) = 0 [pid 6052] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6052] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6052] memfd_create("syzkaller", 0) = 3 [pid 6052] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6052] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6052] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6052] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6052] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6052] close(3) = 0 [pid 6052] mkdir("./file0", 0777) = 0 [pid 6052] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6052] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6052] chdir("./file0") = 0 [pid 6052] ioctl(4, LOOP_CLR_FD) = 0 [pid 6052] close(4) = 0 [pid 6052] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6052] <... futex resumed>) = 1 [pid 6051] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6052] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... open resumed>) = 4 [pid 6052] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6052] <... futex resumed>) = 1 [pid 6052] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6052] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6051] <... futex resumed>) = 0 [pid 6051] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6052] <... futex resumed>) = 1 [pid 6052] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6051] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6052] <... mmap resumed>) = 0x20000000 [pid 6051] <... mprotect resumed>) = 0 [pid 6051] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6051] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6052] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] <... clone3 resumed> => {parent_tid=[6053]}, 88) = 6053 [pid 6052] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6051] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6051] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6051] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6053 attached [pid 6053] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6053] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6053] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6053] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6052] <... futex resumed>) = ? [pid 6051] <... futex resumed>) = ? [pid 6052] +++ killed by SIGBUS +++ [pid 6053] +++ killed by SIGBUS +++ [pid 6051] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6051, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./340", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./340/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./340/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./340/binderfs") = 0 [ 110.949027][ T6052] loop0: detected capacity change from 0 to 2048 [ 110.960545][ T6052] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./340/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./340/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./340/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./340/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./340") = 0 mkdir("./341", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6054 ./strace-static-x86_64: Process 6054 attached [pid 6054] set_robust_list(0x5555562186a0, 24) = 0 [pid 6054] chdir("./341") = 0 [pid 6054] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6054] setpgid(0, 0) = 0 [pid 6054] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6054] write(3, "1000", 4) = 4 [pid 6054] close(3) = 0 [pid 6054] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6054] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6054] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6054] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6055 attached => {parent_tid=[6055]}, 88) = 6055 [pid 6055] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6054] rt_sigprocmask(SIG_SETMASK, [], [pid 6055] <... rseq resumed>) = 0 [pid 6054] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6055] set_robust_list(0x7f3dc90769a0, 24 [pid 6054] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6055] <... set_robust_list resumed>) = 0 [pid 6055] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6055] memfd_create("syzkaller", 0) = 3 [pid 6055] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6055] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6055] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6055] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6055] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6055] close(3) = 0 [pid 6055] mkdir("./file0", 0777) = 0 [pid 6055] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6055] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6055] chdir("./file0") = 0 [pid 6055] ioctl(4, LOOP_CLR_FD) = 0 [pid 6055] close(4) = 0 [pid 6055] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6054] <... futex resumed>) = 0 [pid 6055] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6054] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6055] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6054] <... futex resumed>) = 0 [pid 6055] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6054] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] <... open resumed>) = 4 [pid 6055] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = 0 [pid 6054] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] <... futex resumed>) = 1 [pid 6055] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6055] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6054] <... futex resumed>) = 0 [pid 6054] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6055] <... futex resumed>) = 1 [pid 6054] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6055] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6054] <... mprotect resumed>) = 0 [pid 6055] <... mmap resumed>) = 0x20000000 [pid 6054] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6054] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6056]}, 88) = 6056 [pid 6054] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6054] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6054] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6055] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6055] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6056 attached [pid 6056] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6056] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6056] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6056] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6055] <... futex resumed>) = ? [pid 6054] <... futex resumed>) = ? [pid 6055] +++ killed by SIGBUS +++ [pid 6056] +++ killed by SIGBUS +++ [pid 6054] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6054, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./341", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./341/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./341/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./341/binderfs") = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./341/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./341/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./341/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./341/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 111.055307][ T6055] loop0: detected capacity change from 0 to 2048 [ 111.067417][ T6055] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./341") = 0 mkdir("./342", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6057 attached , child_tidptr=0x555556218690) = 6057 [pid 6057] set_robust_list(0x5555562186a0, 24) = 0 [pid 6057] chdir("./342") = 0 [pid 6057] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6057] setpgid(0, 0) = 0 [pid 6057] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6057] write(3, "1000", 4) = 4 [pid 6057] close(3) = 0 [pid 6057] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6057] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6057] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6057] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6058 attached => {parent_tid=[6058]}, 88) = 6058 [pid 6058] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6057] rt_sigprocmask(SIG_SETMASK, [], [pid 6058] <... rseq resumed>) = 0 [pid 6057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6057] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] set_robust_list(0x7f3dc90769a0, 24 [pid 6057] <... futex resumed>) = 0 [pid 6058] <... set_robust_list resumed>) = 0 [pid 6057] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6058] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6058] memfd_create("syzkaller", 0) = 3 [pid 6058] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6058] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6058] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6058] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6058] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6058] close(3) = 0 [pid 6058] mkdir("./file0", 0777) = 0 [pid 6058] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6058] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6058] chdir("./file0") = 0 [pid 6058] ioctl(4, LOOP_CLR_FD) = 0 [pid 6058] close(4) = 0 [pid 6058] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6057] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6058] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6058] <... futex resumed>) = 0 [pid 6057] <... futex resumed>) = 1 [pid 6058] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6057] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... open resumed>) = 5 [pid 6058] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6057] <... futex resumed>) = 0 [pid 6058] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6057] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6058] <... mmap resumed>) = 0x20000000 [pid 6057] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6058] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6057] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6058] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6057] <... mprotect resumed>) = 0 [pid 6057] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6057] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6059 attached [pid 6059] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6057] <... clone3 resumed> => {parent_tid=[6059]}, 88) = 6059 [pid 6059] <... rseq resumed>) = 0 [pid 6059] set_robust_list(0x7f3dc0d559a0, 24 [pid 6057] rt_sigprocmask(SIG_SETMASK, [], [pid 6059] <... set_robust_list resumed>) = 0 [pid 6057] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6059] rt_sigprocmask(SIG_SETMASK, [], [pid 6057] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6059] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6057] <... futex resumed>) = 0 [pid 6059] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6057] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6058] <... futex resumed>) = ? [pid 6058] +++ killed by SIGBUS +++ [pid 6059] +++ killed by SIGBUS +++ [pid 6057] <... futex resumed>) = ? [pid 6057] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6057, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./342", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./342/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./342/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./342/binderfs") = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./342/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./342/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./342/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./342/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 111.161983][ T6058] loop0: detected capacity change from 0 to 2048 [ 111.175595][ T6058] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./342") = 0 mkdir("./343", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6060 ./strace-static-x86_64: Process 6060 attached [pid 6060] set_robust_list(0x5555562186a0, 24) = 0 [pid 6060] chdir("./343") = 0 [pid 6060] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6060] setpgid(0, 0) = 0 [pid 6060] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6060] write(3, "1000", 4) = 4 [pid 6060] close(3) = 0 [pid 6060] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6060] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6060] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6060] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6061 attached => {parent_tid=[6061]}, 88) = 6061 [pid 6061] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6060] rt_sigprocmask(SIG_SETMASK, [], [pid 6061] set_robust_list(0x7f3dc90769a0, 24 [pid 6060] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6061] <... set_robust_list resumed>) = 0 [pid 6060] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6061] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6061] memfd_create("syzkaller", 0) = 3 [pid 6061] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6061] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6061] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6061] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6061] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6061] close(3) = 0 [pid 6061] mkdir("./file0", 0777) = 0 [pid 6061] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6061] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6061] chdir("./file0") = 0 [pid 6061] ioctl(4, LOOP_CLR_FD) = 0 [pid 6061] close(4) = 0 [pid 6061] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6061] <... futex resumed>) = 1 [pid 6061] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6060] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... open resumed>) = 4 [pid 6061] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6061] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6060] <... futex resumed>) = 0 [pid 6060] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = 0 [pid 6060] <... futex resumed>) = 1 [pid 6061] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6060] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6061] <... open resumed>) = 5 [pid 6061] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... futex resumed>) = 0 [pid 6061] <... futex resumed>) = 1 [pid 6061] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6060] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6061] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6060] <... futex resumed>) = 0 [pid 6061] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6060] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6061] <... mmap resumed>) = 0x20000000 [pid 6060] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6060] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6061] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6060] <... mprotect resumed>) = 0 [pid 6061] <... futex resumed>) = 0 [pid 6061] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6060] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6060] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6062]}, 88) = 6062 [pid 6060] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6060] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6060] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6062 attached [pid 6062] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6062] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6062] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6062] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6060] <... futex resumed>) = ? [pid 6061] <... futex resumed>) = ? [pid 6061] +++ killed by SIGBUS +++ [pid 6062] +++ killed by SIGBUS +++ [pid 6060] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6060, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./343", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./343/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./343/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./343/binderfs") = 0 [ 111.285835][ T6061] loop0: detected capacity change from 0 to 2048 [ 111.298688][ T6061] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./343/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./343/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./343/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./343/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./343") = 0 mkdir("./344", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6063 attached , child_tidptr=0x555556218690) = 6063 [pid 6063] set_robust_list(0x5555562186a0, 24) = 0 [pid 6063] chdir("./344") = 0 [pid 6063] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6063] setpgid(0, 0) = 0 [pid 6063] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6063] write(3, "1000", 4) = 4 [pid 6063] close(3) = 0 [pid 6063] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6063] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6063] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6063] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6064]}, 88) = 6064 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6063] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6064 attached [pid 6064] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6064] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6064] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6064] memfd_create("syzkaller", 0) = 3 [pid 6064] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6064] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6064] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6064] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6064] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6064] close(3) = 0 [pid 6064] mkdir("./file0", 0777) = 0 [pid 6064] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6064] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6064] chdir("./file0") = 0 [pid 6064] ioctl(4, LOOP_CLR_FD) = 0 [pid 6064] close(4) = 0 [pid 6064] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] <... futex resumed>) = 0 [pid 6064] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6064] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6063] <... futex resumed>) = 0 [pid 6064] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6064] <... futex resumed>) = 0 [pid 6063] <... futex resumed>) = 1 [pid 6064] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6063] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6064] <... open resumed>) = 5 [pid 6064] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6064] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6063] <... futex resumed>) = 0 [pid 6063] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6063] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6063] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6063] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6063] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6064] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) ./strace-static-x86_64: Process 6065 attached [pid 6064] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6065] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6063] <... clone3 resumed> => {parent_tid=[6065]}, 88) = 6065 [pid 6065] <... rseq resumed>) = 0 [pid 6064] <... mmap resumed>) = 0x20000000 [pid 6063] rt_sigprocmask(SIG_SETMASK, [], [pid 6065] set_robust_list(0x7f3dc0d559a0, 24 [pid 6063] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6065] <... set_robust_list resumed>) = 0 [pid 6063] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6065] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6063] <... futex resumed>) = 0 [pid 6065] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6063] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6064] +++ killed by SIGBUS +++ [pid 6065] +++ killed by SIGBUS +++ [pid 6063] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6063, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./344", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./344/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./344/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./344/binderfs") = 0 [ 111.405379][ T6064] loop0: detected capacity change from 0 to 2048 [ 111.417949][ T6064] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./344/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./344/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./344/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./344/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./344") = 0 mkdir("./345", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6066 attached , child_tidptr=0x555556218690) = 6066 [pid 6066] set_robust_list(0x5555562186a0, 24) = 0 [pid 6066] chdir("./345") = 0 [pid 6066] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6066] setpgid(0, 0) = 0 [pid 6066] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6066] write(3, "1000", 4) = 4 [pid 6066] close(3) = 0 [pid 6066] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6066] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6066] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6066] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6067]}, 88) = 6067 [pid 6066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6066] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6066] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6067 attached [pid 6067] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6067] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6067] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6067] memfd_create("syzkaller", 0) = 3 [pid 6067] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6067] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6067] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6067] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6067] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6067] close(3) = 0 [pid 6067] mkdir("./file0", 0777) = 0 [pid 6067] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6067] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6067] chdir("./file0") = 0 [pid 6067] ioctl(4, LOOP_CLR_FD) = 0 [pid 6067] close(4) = 0 [pid 6067] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6067] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6066] <... futex resumed>) = 0 [pid 6067] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6066] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] <... open resumed>) = 4 [pid 6067] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6066] <... futex resumed>) = 0 [pid 6066] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6066] <... futex resumed>) = 0 [pid 6067] <... open resumed>) = 5 [pid 6066] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6067] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6067] <... futex resumed>) = 0 [pid 6066] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6066] <... futex resumed>) = 0 [pid 6067] <... mmap resumed>) = 0x20000000 [pid 6066] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6067] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6066] <... futex resumed>) = 0 [pid 6067] <... futex resumed>) = 0 [pid 6066] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6067] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6066] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6066] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6066] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6066] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6068]}, 88) = 6068 [pid 6066] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6066] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6068 attached ) = 0 [pid 6066] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6068] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6068] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6068] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6068] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6067] <... futex resumed>) = ? [pid 6066] <... futex resumed>) = ? [pid 6068] +++ killed by SIGBUS +++ [pid 6067] +++ killed by SIGBUS +++ [pid 6066] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6066, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./345", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./345/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./345/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 111.526883][ T6067] loop0: detected capacity change from 0 to 2048 [ 111.538737][ T6067] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./345/binderfs") = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./345/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./345/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./345/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./345/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./345") = 0 mkdir("./346", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6069 attached , child_tidptr=0x555556218690) = 6069 [pid 6069] set_robust_list(0x5555562186a0, 24) = 0 [pid 6069] chdir("./346") = 0 [pid 6069] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6069] setpgid(0, 0) = 0 [pid 6069] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6069] write(3, "1000", 4) = 4 [pid 6069] close(3) = 0 [pid 6069] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6069] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6069] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6069] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6070 attached => {parent_tid=[6070]}, 88) = 6070 [pid 6070] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6069] rt_sigprocmask(SIG_SETMASK, [], [pid 6070] set_robust_list(0x7f3dc90769a0, 24 [pid 6069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6070] <... set_robust_list resumed>) = 0 [pid 6069] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6070] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6070] memfd_create("syzkaller", 0) = 3 [pid 6070] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6070] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6070] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6070] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6070] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6070] close(3) = 0 [pid 6070] mkdir("./file0", 0777) = 0 [pid 6070] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6070] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6070] chdir("./file0") = 0 [pid 6070] ioctl(4, LOOP_CLR_FD) = 0 [pid 6070] close(4) = 0 [pid 6070] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6069] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... open resumed>) = 4 [pid 6070] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6070] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = 0 [pid 6069] <... futex resumed>) = 1 [pid 6070] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6069] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6070] <... open resumed>) = 5 [pid 6070] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6069] <... futex resumed>) = 0 [pid 6070] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6070] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6070] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6069] <... futex resumed>) = 0 [pid 6069] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6069] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6070] <... mmap resumed>) = 0x20000000 [pid 6070] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6069] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6070] <... futex resumed>) = 0 [pid 6070] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6069] <... mprotect resumed>) = 0 [pid 6069] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6069] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6071 attached [pid 6071] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6069] <... clone3 resumed> => {parent_tid=[6071]}, 88) = 6071 [pid 6071] <... rseq resumed>) = 0 [pid 6069] rt_sigprocmask(SIG_SETMASK, [], [pid 6071] set_robust_list(0x7f3dc0d559a0, 24 [pid 6069] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6071] <... set_robust_list resumed>) = 0 [pid 6069] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6071] rt_sigprocmask(SIG_SETMASK, [], [pid 6069] <... futex resumed>) = 0 [pid 6071] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6069] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6071] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6070] <... futex resumed>) = ? [pid 6069] <... futex resumed>) = ? [pid 6070] +++ killed by SIGBUS +++ [pid 6071] +++ killed by SIGBUS +++ [pid 6069] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6069, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./346", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./346/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./346/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./346/binderfs") = 0 [ 111.631794][ T6070] loop0: detected capacity change from 0 to 2048 [ 111.643473][ T6070] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./346/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./346/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./346/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./346/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./346") = 0 mkdir("./347", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6072 attached , child_tidptr=0x555556218690) = 6072 [pid 6072] set_robust_list(0x5555562186a0, 24) = 0 [pid 6072] chdir("./347") = 0 [pid 6072] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6072] setpgid(0, 0) = 0 [pid 6072] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6072] write(3, "1000", 4) = 4 [pid 6072] close(3) = 0 [pid 6072] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6072] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6072] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6072] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6073 attached [pid 6073] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6072] <... clone3 resumed> => {parent_tid=[6073]}, 88) = 6073 [pid 6073] <... rseq resumed>) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6073] set_robust_list(0x7f3dc90769a0, 24 [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6073] <... set_robust_list resumed>) = 0 [pid 6072] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] <... futex resumed>) = 0 [pid 6073] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6072] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6073] memfd_create("syzkaller", 0) = 3 [pid 6073] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6073] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6073] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6073] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6073] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6073] close(3) = 0 [pid 6073] mkdir("./file0", 0777) = 0 [pid 6073] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6073] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6073] chdir("./file0") = 0 [pid 6073] ioctl(4, LOOP_CLR_FD) = 0 [pid 6073] close(4) = 0 [pid 6073] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6072] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... futex resumed>) = 1 [pid 6073] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6073] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6073] <... open resumed>) = 5 [pid 6073] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6072] <... futex resumed>) = 0 [pid 6072] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] <... futex resumed>) = 1 [pid 6072] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6073] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6072] <... futex resumed>) = 0 [pid 6073] <... mmap resumed>) = 0x20000000 [pid 6072] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6072] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6073] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6073] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6072] <... mprotect resumed>) = 0 [pid 6072] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6072] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6074 attached [pid 6074] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6072] <... clone3 resumed> => {parent_tid=[6074]}, 88) = 6074 [pid 6074] <... rseq resumed>) = 0 [pid 6072] rt_sigprocmask(SIG_SETMASK, [], [pid 6074] set_robust_list(0x7f3dc0d559a0, 24 [pid 6072] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6074] <... set_robust_list resumed>) = 0 [pid 6074] rt_sigprocmask(SIG_SETMASK, [], [pid 6072] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6074] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6072] <... futex resumed>) = 0 [pid 6074] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6072] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6073] <... futex resumed>) = ? [pid 6073] +++ killed by SIGBUS +++ [pid 6074] +++ killed by SIGBUS +++ [pid 6072] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6072, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./347", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./347/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./347/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./347/binderfs") = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./347/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./347/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./347/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./347/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./347") = 0 [ 111.732711][ T6073] loop0: detected capacity change from 0 to 2048 [ 111.746414][ T6073] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./348", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6075 attached , child_tidptr=0x555556218690) = 6075 [pid 6075] set_robust_list(0x5555562186a0, 24) = 0 [pid 6075] chdir("./348") = 0 [pid 6075] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6075] setpgid(0, 0) = 0 [pid 6075] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6075] write(3, "1000", 4) = 4 [pid 6075] close(3) = 0 [pid 6075] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6075] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6075] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6075] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6075] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6076 attached [pid 6076] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6075] <... clone3 resumed> => {parent_tid=[6076]}, 88) = 6076 [pid 6076] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6075] rt_sigprocmask(SIG_SETMASK, [], [pid 6076] rt_sigprocmask(SIG_SETMASK, [], [pid 6075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6076] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6076] memfd_create("syzkaller", 0 [pid 6075] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6076] <... memfd_create resumed>) = 3 [pid 6076] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6076] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6076] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6076] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6076] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6076] close(3) = 0 [pid 6076] mkdir("./file0", 0777) = 0 [pid 6076] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6076] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6076] chdir("./file0") = 0 [pid 6076] ioctl(4, LOOP_CLR_FD) = 0 [pid 6076] close(4) = 0 [pid 6076] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6076] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] <... futex resumed>) = 0 [pid 6075] <... futex resumed>) = 1 [pid 6076] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6075] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] <... open resumed>) = 4 [pid 6076] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = 0 [pid 6076] <... futex resumed>) = 1 [pid 6075] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6076] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6075] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6076] <... open resumed>) = 5 [pid 6076] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] <... futex resumed>) = 0 [pid 6076] <... futex resumed>) = 1 [pid 6075] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6076] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6075] <... futex resumed>) = 0 [pid 6075] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6075] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6076] <... mmap resumed>) = 0x20000000 [pid 6075] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6076] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6075] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6075] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6076] <... futex resumed>) = 0 [pid 6075] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6076] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6075] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6077 attached => {parent_tid=[6077]}, 88) = 6077 [pid 6075] rt_sigprocmask(SIG_SETMASK, [], [pid 6077] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6075] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6077] <... rseq resumed>) = 0 [pid 6077] set_robust_list(0x7f3dc0d559a0, 24 [pid 6075] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6077] <... set_robust_list resumed>) = 0 [pid 6075] <... futex resumed>) = 0 [pid 6077] rt_sigprocmask(SIG_SETMASK, [], [pid 6075] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6077] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6077] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6076] <... futex resumed>) = ? [pid 6075] <... futex resumed>) = ? [pid 6076] +++ killed by SIGBUS +++ [pid 6077] +++ killed by SIGBUS +++ [pid 6075] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6075, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./348", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./348/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./348/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 111.821330][ T6076] loop0: detected capacity change from 0 to 2048 [ 111.837097][ T6076] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./348/binderfs") = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./348/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./348/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./348/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./348/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./348") = 0 mkdir("./349", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6078 attached , child_tidptr=0x555556218690) = 6078 [pid 6078] set_robust_list(0x5555562186a0, 24) = 0 [pid 6078] chdir("./349") = 0 [pid 6078] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6078] setpgid(0, 0) = 0 [pid 6078] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6078] write(3, "1000", 4) = 4 [pid 6078] close(3) = 0 [pid 6078] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6078] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6078] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6078] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6079 attached [pid 6079] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6078] <... clone3 resumed> => {parent_tid=[6079]}, 88) = 6079 [pid 6079] <... rseq resumed>) = 0 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], [pid 6079] set_robust_list(0x7f3dc90769a0, 24 [pid 6078] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6079] <... set_robust_list resumed>) = 0 [pid 6078] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] rt_sigprocmask(SIG_SETMASK, [], [pid 6078] <... futex resumed>) = 0 [pid 6079] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6079] memfd_create("syzkaller", 0 [pid 6078] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6079] <... memfd_create resumed>) = 3 [pid 6079] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6079] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6079] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6079] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6079] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6079] close(3) = 0 [pid 6079] mkdir("./file0", 0777) = 0 [pid 6079] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6079] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6079] chdir("./file0") = 0 [pid 6079] ioctl(4, LOOP_CLR_FD) = 0 [pid 6079] close(4) = 0 [pid 6079] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6078] <... futex resumed>) = 0 [pid 6079] <... futex resumed>) = 1 [pid 6078] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... open resumed>) = 4 [pid 6079] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6079] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] <... futex resumed>) = 0 [pid 6078] <... futex resumed>) = 1 [pid 6079] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6078] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6079] <... open resumed>) = 5 [pid 6079] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6078] <... futex resumed>) = 0 [pid 6078] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6079] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6078] <... futex resumed>) = 0 [pid 6079] <... mmap resumed>) = 0x20000000 [pid 6079] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6079] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6078] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6078] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6078] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6078] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6080 attached => {parent_tid=[6080]}, 88) = 6080 [pid 6078] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6078] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6078] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6080] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6080] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6080] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6080] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6078] <... futex resumed>) = ? [pid 6079] <... futex resumed>) = ? [pid 6079] +++ killed by SIGBUS +++ [pid 6080] +++ killed by SIGBUS +++ [pid 6078] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6078, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./349", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./349/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./349/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./349/binderfs") = 0 [ 111.937484][ T6079] loop0: detected capacity change from 0 to 2048 [ 111.949080][ T6079] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./349/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./349/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./349/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./349/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./349") = 0 mkdir("./350", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6081 attached , child_tidptr=0x555556218690) = 6081 [pid 6081] set_robust_list(0x5555562186a0, 24) = 0 [pid 6081] chdir("./350") = 0 [pid 6081] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6081] setpgid(0, 0) = 0 [pid 6081] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6081] write(3, "1000", 4) = 4 [pid 6081] close(3) = 0 [pid 6081] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6081] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6081] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6081] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6082 attached => {parent_tid=[6082]}, 88) = 6082 [pid 6082] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], [pid 6082] set_robust_list(0x7f3dc90769a0, 24 [pid 6081] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6081] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6082] <... set_robust_list resumed>) = 0 [pid 6082] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6082] memfd_create("syzkaller", 0) = 3 [pid 6082] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6082] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6082] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6082] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6082] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6082] close(3) = 0 [pid 6082] mkdir("./file0", 0777) = 0 [pid 6082] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6082] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6082] chdir("./file0") = 0 [pid 6082] ioctl(4, LOOP_CLR_FD) = 0 [pid 6082] close(4) = 0 [pid 6082] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6082] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6082] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6081] <... futex resumed>) = 0 [pid 6081] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6081] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6081] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6081] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6083 attached => {parent_tid=[6083]}, 88) = 6083 [pid 6081] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6081] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6081] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6082] <... futex resumed>) = 1 [pid 6082] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6083] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6083] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6083] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6083] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6082] <... futex resumed>) = ? [pid 6083] +++ killed by SIGBUS +++ [pid 6082] +++ killed by SIGBUS +++ [pid 6081] <... futex resumed>) = ? [pid 6081] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6081, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./350", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./350/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./350/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./350/binderfs") = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./350/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./350/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./350/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./350/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./350") = 0 mkdir("./351", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6084 attached , child_tidptr=0x555556218690) = 6084 [pid 6084] set_robust_list(0x5555562186a0, 24) = 0 [pid 6084] chdir("./351") = 0 [pid 6084] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6084] setpgid(0, 0) = 0 [pid 6084] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6084] write(3, "1000", 4) = 4 [pid 6084] close(3) = 0 [pid 6084] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6084] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6084] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6084] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6085 attached => {parent_tid=[6085]}, 88) = 6085 [pid 6085] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], [pid 6085] <... rseq resumed>) = 0 [pid 6084] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6085] set_robust_list(0x7f3dc90769a0, 24 [pid 6084] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] <... set_robust_list resumed>) = 0 [pid 6085] rt_sigprocmask(SIG_SETMASK, [], [pid 6084] <... futex resumed>) = 0 [ 112.048022][ T6082] loop0: detected capacity change from 0 to 2048 [ 112.059189][ T6082] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6085] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6084] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6085] memfd_create("syzkaller", 0) = 3 [pid 6085] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6085] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6085] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6085] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6085] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6085] close(3) = 0 [pid 6085] mkdir("./file0", 0777) = 0 [pid 6085] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6085] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6085] chdir("./file0") = 0 [pid 6085] ioctl(4, LOOP_CLR_FD) = 0 [pid 6085] close(4) = 0 [pid 6085] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] <... futex resumed>) = 1 [pid 6085] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6085] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6085] <... futex resumed>) = 1 [pid 6084] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6085] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6084] <... futex resumed>) = 0 [pid 6085] <... open resumed>) = 5 [pid 6084] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6085] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6084] <... futex resumed>) = 0 [pid 6084] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6085] <... futex resumed>) = 1 [pid 6084] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6085] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6084] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6085] <... futex resumed>) = 0 [pid 6084] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6084] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6085] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6084] <... clone3 resumed> => {parent_tid=[6086]}, 88) = 6086 [pid 6084] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6084] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6084] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6086 attached [pid 6086] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6086] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6086] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6086] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6085] <... futex resumed>) = ? [pid 6085] +++ killed by SIGBUS +++ [pid 6084] <... futex resumed>) = ? [pid 6086] +++ killed by SIGBUS +++ [pid 6084] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6084, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./351", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./351/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./351/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./351/binderfs") = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./351/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./351/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./351/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./351/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 [ 112.132105][ T6085] loop0: detected capacity change from 0 to 2048 [ 112.147518][ T6085] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 rmdir("./351") = 0 mkdir("./352", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6087 ./strace-static-x86_64: Process 6087 attached [pid 6087] set_robust_list(0x5555562186a0, 24) = 0 [pid 6087] chdir("./352") = 0 [pid 6087] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6087] setpgid(0, 0) = 0 [pid 6087] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6087] write(3, "1000", 4) = 4 [pid 6087] close(3) = 0 [pid 6087] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6087] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6087] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6087] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6088 attached [pid 6088] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6087] <... clone3 resumed> => {parent_tid=[6088]}, 88) = 6088 [pid 6088] <... rseq resumed>) = 0 [pid 6088] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6088] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6088] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6087] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = 0 [pid 6087] <... futex resumed>) = 1 [pid 6087] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6088] memfd_create("syzkaller", 0) = 3 [pid 6088] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6088] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6088] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6088] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6088] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6088] close(3) = 0 [pid 6088] mkdir("./file0", 0777) = 0 [ 112.210620][ T6088] __do_sys_memfd_create: 34 callbacks suppressed [ 112.210639][ T6088] syz-executor183[6088]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 112.241669][ T6088] loop0: detected capacity change from 0 to 2048 [pid 6088] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6088] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6088] chdir("./file0") = 0 [pid 6088] ioctl(4, LOOP_CLR_FD) = 0 [pid 6088] close(4) = 0 [pid 6088] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] <... futex resumed>) = 0 [pid 6088] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6087] <... futex resumed>) = 0 [pid 6088] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6087] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... open resumed>) = 4 [pid 6088] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6088] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6087] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6088] <... futex resumed>) = 0 [pid 6088] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6088] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6087] <... futex resumed>) = 0 [pid 6087] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6088] <... futex resumed>) = 1 [pid 6088] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6087] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6087] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6088] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] <... mprotect resumed>) = 0 [pid 6088] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6087] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6087] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6089]}, 88) = 6089 [pid 6087] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6087] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6087] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6089 attached [pid 6089] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6089] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6089] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6089] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6088] <... futex resumed>) = ? [pid 6088] +++ killed by SIGBUS +++ [pid 6089] +++ killed by SIGBUS +++ [pid 6087] <... futex resumed>) = ? [pid 6087] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6087, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./352", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./352/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./352/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./352/binderfs") = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./352/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./352/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./352/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./352/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 [ 112.253871][ T6088] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 rmdir("./352") = 0 mkdir("./353", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6090 attached , child_tidptr=0x555556218690) = 6090 [pid 6090] set_robust_list(0x5555562186a0, 24) = 0 [pid 6090] chdir("./353") = 0 [pid 6090] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6090] setpgid(0, 0) = 0 [pid 6090] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6090] write(3, "1000", 4) = 4 [pid 6090] close(3) = 0 [pid 6090] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6090] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6090] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6090] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6091 attached => {parent_tid=[6091]}, 88) = 6091 [pid 6090] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6090] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6091] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6091] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6091] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6091] memfd_create("syzkaller", 0) = 3 [pid 6091] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6091] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6091] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6091] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6091] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6091] close(3) = 0 [pid 6091] mkdir("./file0", 0777) = 0 [ 112.326050][ T6091] syz-executor183[6091]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 112.358978][ T6091] loop0: detected capacity change from 0 to 2048 [pid 6091] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6091] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6091] chdir("./file0") = 0 [pid 6091] ioctl(4, LOOP_CLR_FD) = 0 [pid 6091] close(4) = 0 [pid 6091] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6091] <... futex resumed>) = 1 [pid 6090] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] <... open resumed>) = 4 [pid 6091] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6091] <... futex resumed>) = 1 [pid 6090] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6090] <... futex resumed>) = 0 [pid 6091] <... open resumed>) = 5 [pid 6090] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6091] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6090] <... futex resumed>) = 0 [pid 6090] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6090] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6091] <... futex resumed>) = 1 [pid 6090] <... futex resumed>) = 0 [pid 6091] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6090] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6091] <... mmap resumed>) = 0x20000000 [pid 6090] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6090] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6091] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6091] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6090] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6090] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6092 attached => {parent_tid=[6092]}, 88) = 6092 [pid 6092] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6090] rt_sigprocmask(SIG_SETMASK, [], [pid 6092] set_robust_list(0x7f3dc0d559a0, 24 [pid 6090] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6092] <... set_robust_list resumed>) = 0 [pid 6090] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6092] rt_sigprocmask(SIG_SETMASK, [], [pid 6090] <... futex resumed>) = 0 [pid 6092] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6090] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6092] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6091] <... futex resumed>) = ? [pid 6091] +++ killed by SIGBUS +++ [pid 6090] <... futex resumed>) = ? [pid 6092] +++ killed by SIGBUS +++ [pid 6090] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6090, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./353", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./353/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./353/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./353/binderfs") = 0 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./353/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./353/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./353/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./353/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./353") = 0 mkdir("./354", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 [ 112.371289][ T6091] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6093 attached , child_tidptr=0x555556218690) = 6093 [pid 6093] set_robust_list(0x5555562186a0, 24) = 0 [pid 6093] chdir("./354") = 0 [pid 6093] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6093] setpgid(0, 0) = 0 [pid 6093] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6093] write(3, "1000", 4) = 4 [pid 6093] close(3) = 0 [pid 6093] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6093] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6093] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6093] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6093] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6094]}, 88) = 6094 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6093] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6094 attached [pid 6094] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6094] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6094] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6094] memfd_create("syzkaller", 0) = 3 [pid 6094] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6094] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6094] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6094] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6094] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6094] close(3) = 0 [pid 6094] mkdir("./file0", 0777) = 0 [pid 6094] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6094] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6094] chdir("./file0") = 0 [pid 6094] ioctl(4, LOOP_CLR_FD) = 0 [pid 6094] close(4) = 0 [pid 6094] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6093] <... futex resumed>) = 0 [pid 6094] <... futex resumed>) = 1 [pid 6093] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] <... open resumed>) = 4 [pid 6094] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6094] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [pid 6094] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6094] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6094] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6093] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6094] <... futex resumed>) = 0 [pid 6093] <... futex resumed>) = 1 [pid 6094] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6094] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6093] <... mprotect resumed>) = 0 [pid 6094] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6093] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6093] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6095 attached => {parent_tid=[6095]}, 88) = 6095 [pid 6093] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6095] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6095] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6093] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6095] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6093] <... futex resumed>) = 0 [pid 6093] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6095] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6094] <... futex resumed>) = ? [pid 6095] +++ killed by SIGBUS +++ [pid 6094] +++ killed by SIGBUS +++ [pid 6093] <... futex resumed>) = ? [pid 6093] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6093, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./354", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./354/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./354/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./354/binderfs") = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./354/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./354/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./354/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 112.486916][ T6094] syz-executor183[6094]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 112.510952][ T6094] loop0: detected capacity change from 0 to 2048 [ 112.524085][ T6094] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./354/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./354") = 0 mkdir("./355", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6096 attached , child_tidptr=0x555556218690) = 6096 [pid 6096] set_robust_list(0x5555562186a0, 24) = 0 [pid 6096] chdir("./355") = 0 [pid 6096] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6096] setpgid(0, 0) = 0 [pid 6096] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6096] write(3, "1000", 4) = 4 [pid 6096] close(3) = 0 [pid 6096] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6096] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6096] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6096] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6097]}, 88) = 6097 [pid 6096] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6097 attached [pid 6097] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6097] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6096] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6097] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6096] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6097] memfd_create("syzkaller", 0 [pid 6096] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6097] <... memfd_create resumed>) = 3 [pid 6097] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6097] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6097] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6097] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6097] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6097] close(3) = 0 [pid 6097] mkdir("./file0", 0777) = 0 [ 112.595316][ T6097] syz-executor183[6097]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 112.630160][ T6097] loop0: detected capacity change from 0 to 2048 [pid 6097] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6097] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6097] chdir("./file0") = 0 [pid 6097] ioctl(4, LOOP_CLR_FD) = 0 [pid 6097] close(4) = 0 [pid 6097] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6097] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] <... futex resumed>) = 0 [pid 6096] <... futex resumed>) = 1 [pid 6097] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6096] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... open resumed>) = 4 [pid 6097] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6097] <... futex resumed>) = 1 [pid 6097] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6097] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6097] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6096] <... futex resumed>) = 0 [pid 6096] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6097] <... mmap resumed>) = 0x20000000 [pid 6096] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6097] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6096] <... mprotect resumed>) = 0 [pid 6097] <... futex resumed>) = 0 [pid 6097] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6096] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6096] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6098 attached => {parent_tid=[6098]}, 88) = 6098 [pid 6096] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6096] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6096] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6098] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6098] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6098] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6098] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6097] <... futex resumed>) = ? [pid 6096] <... futex resumed>) = ? [pid 6098] +++ killed by SIGBUS +++ [pid 6097] +++ killed by SIGBUS +++ [pid 6096] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6096, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./355", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./355/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./355/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./355/binderfs") = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./355/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 112.642167][ T6097] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./355/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./355/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./355/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./355") = 0 mkdir("./356", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6099 attached [pid 6099] set_robust_list(0x5555562186a0, 24) = 0 [pid 6099] chdir("./356") = 0 [pid 6099] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6099 [pid 6099] setpgid(0, 0) = 0 [pid 6099] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6099] write(3, "1000", 4) = 4 [pid 6099] close(3) = 0 [pid 6099] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6099] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6099] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6099] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6100]}, 88) = 6100 ./strace-static-x86_64: Process 6100 attached [pid 6099] rt_sigprocmask(SIG_SETMASK, [], [pid 6100] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6100] set_robust_list(0x7f3dc90769a0, 24 [pid 6099] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... set_robust_list resumed>) = 0 [pid 6100] rt_sigprocmask(SIG_SETMASK, [], [pid 6099] <... futex resumed>) = 0 [pid 6100] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6099] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6100] memfd_create("syzkaller", 0) = 3 [pid 6100] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6100] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6100] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6100] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6100] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6100] close(3) = 0 [pid 6100] mkdir("./file0", 0777) = 0 [pid 6100] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6100] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6100] chdir("./file0") = 0 [pid 6100] ioctl(4, LOOP_CLR_FD) = 0 [pid 6100] close(4) = 0 [pid 6100] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6100] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] <... futex resumed>) = 0 [pid 6100] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6099] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] <... open resumed>) = 4 [pid 6100] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6099] <... futex resumed>) = 0 [pid 6100] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6100] <... futex resumed>) = 0 [pid 6099] <... futex resumed>) = 1 [pid 6100] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6099] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6100] <... open resumed>) = 5 [pid 6100] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6100] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6099] <... futex resumed>) = 0 [pid 6099] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6099] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6100] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6099] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6100] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6099] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6099] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6099] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6099] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6101 attached [pid 6101] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6099] <... clone3 resumed> => {parent_tid=[6101]}, 88) = 6101 [pid 6101] <... rseq resumed>) = 0 [pid 6099] rt_sigprocmask(SIG_SETMASK, [], [pid 6101] set_robust_list(0x7f3dc0d559a0, 24 [pid 6100] <... mmap resumed>) = 0x20000000 [pid 6099] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6101] <... set_robust_list resumed>) = 0 [pid 6099] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6101] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6099] <... futex resumed>) = 0 [pid 6101] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6099] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6101] +++ killed by SIGBUS +++ [pid 6100] +++ killed by SIGBUS +++ [pid 6099] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6099, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./356", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./356/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./356/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./356/binderfs") = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./356/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./356/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./356/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 [ 112.738405][ T6100] syz-executor183[6100]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 112.762828][ T6100] loop0: detected capacity change from 0 to 2048 [ 112.775475][ T6100] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(4) = 0 rmdir("./356/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./356") = 0 mkdir("./357", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6102 ./strace-static-x86_64: Process 6102 attached [pid 6102] set_robust_list(0x5555562186a0, 24) = 0 [pid 6102] chdir("./357") = 0 [pid 6102] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6102] setpgid(0, 0) = 0 [pid 6102] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6102] write(3, "1000", 4) = 4 [pid 6102] close(3) = 0 [pid 6102] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6102] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6102] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6102] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6103 attached => {parent_tid=[6103]}, 88) = 6103 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6102] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6103] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6103] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6103] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6103] memfd_create("syzkaller", 0) = 3 [pid 6103] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6103] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6103] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6103] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6103] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6103] close(3) = 0 [pid 6103] mkdir("./file0", 0777) = 0 [pid 6103] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6103] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6103] chdir("./file0") = 0 [pid 6103] ioctl(4, LOOP_CLR_FD) = 0 [pid 6103] close(4) = 0 [pid 6103] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6102] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... open resumed>) = 4 [pid 6103] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6102] <... futex resumed>) = 0 [pid 6103] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6102] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6103] <... open resumed>) = 5 [pid 6103] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6102] <... futex resumed>) = 0 [pid 6103] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6102] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6103] <... mmap resumed>) = 0x20000000 [pid 6102] <... futex resumed>) = 0 [pid 6102] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6103] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6102] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6103] <... futex resumed>) = 0 [pid 6103] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6102] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6102] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6102] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6104]}, 88) = 6104 [pid 6102] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6102] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6102] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6104 attached [pid 6104] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6104] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6104] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6104] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6103] <... futex resumed>) = ? [pid 6102] <... futex resumed>) = ? [pid 6104] +++ killed by SIGBUS +++ [pid 6103] +++ killed by SIGBUS +++ [pid 6102] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6102, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./357", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./357/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./357/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./357/binderfs") = 0 [ 112.854137][ T6103] syz-executor183[6103]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 112.881518][ T6103] loop0: detected capacity change from 0 to 2048 [ 112.892953][ T6103] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./357/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./357/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./357/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./357/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./357") = 0 mkdir("./358", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6105 attached , child_tidptr=0x555556218690) = 6105 [pid 6105] set_robust_list(0x5555562186a0, 24) = 0 [pid 6105] chdir("./358") = 0 [pid 6105] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6105] setpgid(0, 0) = 0 [pid 6105] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6105] write(3, "1000", 4) = 4 [pid 6105] close(3) = 0 [pid 6105] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6105] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6105] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6105] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6106]}, 88) = 6106 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6105] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6106 attached ) = 0 [pid 6106] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6105] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6106] <... rseq resumed>) = 0 [pid 6106] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6106] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6106] memfd_create("syzkaller", 0) = 3 [pid 6106] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6106] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6106] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6106] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6106] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6106] close(3) = 0 [pid 6106] mkdir("./file0", 0777) = 0 [pid 6106] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6106] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6106] chdir("./file0") = 0 [pid 6106] ioctl(4, LOOP_CLR_FD) = 0 [pid 6106] close(4) = 0 [pid 6106] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] <... futex resumed>) = 1 [pid 6106] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6106] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6106] <... futex resumed>) = 1 [pid 6106] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6106] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6105] <... futex resumed>) = 0 [pid 6105] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6106] <... futex resumed>) = 1 [pid 6105] <... futex resumed>) = 0 [pid 6106] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6105] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6106] <... mmap resumed>) = 0x20000000 [pid 6105] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6105] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6106] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6106] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6105] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6105] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6107]}, 88) = 6107 [pid 6105] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6105] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6105] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6107 attached [pid 6107] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6107] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6107] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6107] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6106] <... futex resumed>) = ? [pid 6105] <... futex resumed>) = ? [pid 6107] +++ killed by SIGBUS +++ [pid 6106] +++ killed by SIGBUS +++ [pid 6105] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6105, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./358", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./358/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./358/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./358/binderfs") = 0 [ 112.976878][ T6106] syz-executor183[6106]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 113.000922][ T6106] loop0: detected capacity change from 0 to 2048 [ 113.012339][ T6106] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./358/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./358/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./358/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./358/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./358") = 0 mkdir("./359", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6108 ./strace-static-x86_64: Process 6108 attached [pid 6108] set_robust_list(0x5555562186a0, 24) = 0 [pid 6108] chdir("./359") = 0 [pid 6108] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6108] setpgid(0, 0) = 0 [pid 6108] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6108] write(3, "1000", 4) = 4 [pid 6108] close(3) = 0 [pid 6108] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6108] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6108] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6108] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6109]}, 88) = 6109 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6108] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6109 attached [pid 6109] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6109] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6109] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6109] memfd_create("syzkaller", 0) = 3 [pid 6109] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6109] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6109] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6109] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6109] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6109] close(3) = 0 [pid 6109] mkdir("./file0", 0777) = 0 [pid 6109] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6109] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6109] chdir("./file0") = 0 [pid 6109] ioctl(4, LOOP_CLR_FD) = 0 [pid 6109] close(4) = 0 [pid 6109] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] <... open resumed>) = 4 [pid 6109] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6109] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6109] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6108] <... futex resumed>) = 0 [pid 6108] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6109] <... futex resumed>) = 1 [pid 6109] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6108] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6108] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6109] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6109] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6108] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6108] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6110]}, 88) = 6110 [pid 6108] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6108] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6108] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6110 attached [pid 6110] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6110] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6110] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6110] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6109] <... futex resumed>) = ? [pid 6108] <... futex resumed>) = ? [pid 6110] +++ killed by SIGBUS +++ [pid 6109] +++ killed by SIGBUS +++ [pid 6108] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6108, si_uid=0, si_status=SIGBUS, si_utime=1 /* 0.01 s */, si_stime=3 /* 0.03 s */} --- umount2("./359", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 [ 113.102048][ T6109] syz-executor183[6109]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 113.128274][ T6109] loop0: detected capacity change from 0 to 2048 [ 113.140288][ T6109] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./359/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./359/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./359/binderfs") = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./359/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./359/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./359/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./359/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./359") = 0 mkdir("./360", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6111 attached [pid 6111] set_robust_list(0x5555562186a0, 24) = 0 [pid 6111] chdir("./360") = 0 [pid 6111] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6111] setpgid(0, 0) = 0 [pid 6111] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6111] write(3, "1000", 4) = 4 [pid 6111] close(3) = 0 [pid 6111] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6111] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6111] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6111] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6111 [pid 6111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6112 attached [pid 6112] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6111] <... clone3 resumed> => {parent_tid=[6112]}, 88) = 6112 [pid 6112] set_robust_list(0x7f3dc90769a0, 24 [pid 6111] rt_sigprocmask(SIG_SETMASK, [], [pid 6112] <... set_robust_list resumed>) = 0 [pid 6111] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6112] rt_sigprocmask(SIG_SETMASK, [], [pid 6111] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6112] memfd_create("syzkaller", 0) = 3 [pid 6112] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6112] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6112] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6112] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6112] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6112] close(3) = 0 [pid 6112] mkdir("./file0", 0777) = 0 [ 113.218804][ T6112] syz-executor183[6112]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 113.251244][ T6112] loop0: detected capacity change from 0 to 2048 [pid 6112] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6112] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6112] chdir("./file0") = 0 [pid 6112] ioctl(4, LOOP_CLR_FD) = 0 [pid 6112] close(4) = 0 [pid 6112] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6112] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... futex resumed>) = 0 [pid 6111] <... futex resumed>) = 1 [pid 6112] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6111] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... open resumed>) = 4 [pid 6112] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6111] <... futex resumed>) = 0 [pid 6112] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6112] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6111] <... futex resumed>) = 0 [pid 6112] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6111] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6112] <... open resumed>) = 5 [pid 6112] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] <... futex resumed>) = 0 [pid 6111] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6112] <... futex resumed>) = 1 [pid 6112] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6111] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6112] <... mmap resumed>) = 0x20000000 [pid 6111] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6111] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6112] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6111] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6112] <... futex resumed>) = 0 [pid 6112] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6111] <... clone3 resumed> => {parent_tid=[6113]}, 88) = 6113 [pid 6111] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6111] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6111] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6113 attached [pid 6113] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6113] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6113] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6113] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6112] <... futex resumed>) = ? [pid 6112] +++ killed by SIGBUS +++ [pid 6111] <... futex resumed>) = ? [pid 6113] +++ killed by SIGBUS +++ [pid 6111] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6111, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./360", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./360/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./360/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./360/binderfs") = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./360/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./360/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./360/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./360/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./360") = 0 mkdir("./361", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 113.262071][ T6112] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6114 ./strace-static-x86_64: Process 6114 attached [pid 6114] set_robust_list(0x5555562186a0, 24) = 0 [pid 6114] chdir("./361") = 0 [pid 6114] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6114] setpgid(0, 0) = 0 [pid 6114] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6114] write(3, "1000", 4) = 4 [pid 6114] close(3) = 0 [pid 6114] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6114] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6114] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6114] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6115 attached [pid 6115] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6114] <... clone3 resumed> => {parent_tid=[6115]}, 88) = 6115 [pid 6115] <... rseq resumed>) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6115] set_robust_list(0x7f3dc90769a0, 24 [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6115] <... set_robust_list resumed>) = 0 [pid 6114] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] <... futex resumed>) = 0 [pid 6115] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6114] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6115] memfd_create("syzkaller", 0) = 3 [pid 6115] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6115] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6115] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6115] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6115] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6115] close(3) = 0 [pid 6115] mkdir("./file0", 0777) = 0 [pid 6115] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6115] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6115] chdir("./file0") = 0 [pid 6115] ioctl(4, LOOP_CLR_FD) = 0 [pid 6115] close(4) = 0 [pid 6115] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... open resumed>) = 4 [pid 6115] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6115] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] <... futex resumed>) = 0 [pid 6114] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6115] <... futex resumed>) = 0 [pid 6115] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6115] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6114] <... futex resumed>) = 0 [pid 6115] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6114] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6115] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6114] <... futex resumed>) = 0 [pid 6115] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6114] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6114] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6114] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6114] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6114] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6116 attached => {parent_tid=[6116]}, 88) = 6116 [pid 6116] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6114] rt_sigprocmask(SIG_SETMASK, [], [pid 6116] set_robust_list(0x7f3dc0d559a0, 24 [pid 6114] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6116] <... set_robust_list resumed>) = 0 [pid 6114] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6116] rt_sigprocmask(SIG_SETMASK, [], [pid 6114] <... futex resumed>) = 0 [pid 6116] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6114] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6116] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6115] <... mmap resumed>) = ? [pid 6115] +++ killed by SIGBUS +++ [pid 6116] +++ killed by SIGBUS +++ [pid 6114] <... futex resumed>) = ? [pid 6114] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6114, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./361", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./361/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./361/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./361/binderfs") = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./361/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./361/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./361/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 [ 113.333478][ T6115] syz-executor183[6115]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 113.356538][ T6115] loop0: detected capacity change from 0 to 2048 [ 113.368712][ T6115] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(4) = 0 rmdir("./361/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./361") = 0 mkdir("./362", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6117 attached , child_tidptr=0x555556218690) = 6117 [pid 6117] set_robust_list(0x5555562186a0, 24) = 0 [pid 6117] chdir("./362") = 0 [pid 6117] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6117] setpgid(0, 0) = 0 [pid 6117] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6117] write(3, "1000", 4) = 4 [pid 6117] close(3) = 0 [pid 6117] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6117] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6117] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6117] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6118]}, 88) = 6118 ./strace-static-x86_64: Process 6118 attached [pid 6117] rt_sigprocmask(SIG_SETMASK, [], [pid 6118] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6118] <... rseq resumed>) = 0 [pid 6118] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6118] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6118] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6118] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6117] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6118] memfd_create("syzkaller", 0) = 3 [pid 6118] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6118] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6118] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6118] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6118] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6118] close(3) = 0 [pid 6118] mkdir("./file0", 0777) = 0 [pid 6118] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6118] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6118] chdir("./file0") = 0 [pid 6118] ioctl(4, LOOP_CLR_FD) = 0 [pid 6118] close(4) = 0 [pid 6118] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6118] <... futex resumed>) = 1 [pid 6117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... open resumed>) = 4 [pid 6118] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] <... futex resumed>) = 1 [pid 6117] <... futex resumed>) = 0 [pid 6118] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6117] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6118] <... open resumed>) = 5 [pid 6118] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... futex resumed>) = 0 [pid 6118] <... futex resumed>) = 1 [pid 6117] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6118] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6117] <... futex resumed>) = 0 [pid 6118] <... mmap resumed>) = 0x20000000 [pid 6117] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6117] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6117] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6118] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6117] <... mprotect resumed>) = 0 [pid 6118] <... futex resumed>) = 0 [pid 6118] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6117] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6117] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6119 attached [pid 6119] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6117] <... clone3 resumed> => {parent_tid=[6119]}, 88) = 6119 [pid 6119] <... rseq resumed>) = 0 [pid 6117] rt_sigprocmask(SIG_SETMASK, [], [pid 6119] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6117] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6119] rt_sigprocmask(SIG_SETMASK, [], [pid 6117] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6119] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6117] <... futex resumed>) = 0 [pid 6119] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6117] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6118] <... futex resumed>) = ? [pid 6118] +++ killed by SIGBUS +++ [pid 6119] +++ killed by SIGBUS +++ [pid 6117] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6117, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./362", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./362/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./362/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./362/binderfs") = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./362/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./362/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./362/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./362/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 113.475853][ T6118] loop0: detected capacity change from 0 to 2048 [ 113.488302][ T6118] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./362") = 0 mkdir("./363", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6120 attached , child_tidptr=0x555556218690) = 6120 [pid 6120] set_robust_list(0x5555562186a0, 24) = 0 [pid 6120] chdir("./363") = 0 [pid 6120] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6120] setpgid(0, 0) = 0 [pid 6120] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6120] write(3, "1000", 4) = 4 [pid 6120] close(3) = 0 [pid 6120] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6120] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6120] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6120] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6121]}, 88) = 6121 [pid 6120] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6120] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6120] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6121 attached [pid 6121] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6121] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6121] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6121] memfd_create("syzkaller", 0) = 3 [pid 6121] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6121] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6121] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6121] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6121] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6121] close(3) = 0 [pid 6121] mkdir("./file0", 0777) = 0 [pid 6121] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6121] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6121] chdir("./file0") = 0 [pid 6121] ioctl(4, LOOP_CLR_FD) = 0 [pid 6121] close(4) = 0 [pid 6121] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = 0 [pid 6120] <... futex resumed>) = 1 [pid 6121] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6120] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] <... open resumed>) = 4 [pid 6121] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] <... futex resumed>) = 1 [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6121] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6121] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] <... futex resumed>) = 0 [pid 6120] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6121] <... futex resumed>) = 0 [pid 6120] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6121] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6120] <... futex resumed>) = 0 [pid 6121] <... mmap resumed>) = 0x20000000 [pid 6120] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6120] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6121] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6121] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6120] <... mprotect resumed>) = 0 [pid 6120] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6120] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6122 attached => {parent_tid=[6122]}, 88) = 6122 [pid 6122] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6120] rt_sigprocmask(SIG_SETMASK, [], [pid 6122] <... rseq resumed>) = 0 [pid 6120] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6122] set_robust_list(0x7f3dc0d559a0, 24 [pid 6120] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6122] <... set_robust_list resumed>) = 0 [pid 6122] rt_sigprocmask(SIG_SETMASK, [], [pid 6120] <... futex resumed>) = 0 [pid 6122] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6120] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6122] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6121] <... futex resumed>) = ? [pid 6120] <... futex resumed>) = ? [pid 6122] +++ killed by SIGBUS +++ [pid 6121] +++ killed by SIGBUS +++ [pid 6120] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6120, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./363", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./363/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./363/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./363/binderfs") = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./363/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./363/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./363/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./363/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./363") = 0 mkdir("./364", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 113.567683][ T6121] loop0: detected capacity change from 0 to 2048 [ 113.596571][ T6121] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6123 ./strace-static-x86_64: Process 6123 attached [pid 6123] set_robust_list(0x5555562186a0, 24) = 0 [pid 6123] chdir("./364") = 0 [pid 6123] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6123] setpgid(0, 0) = 0 [pid 6123] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6123] write(3, "1000", 4) = 4 [pid 6123] close(3) = 0 [pid 6123] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6123] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6123] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6123] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6124 attached => {parent_tid=[6124]}, 88) = 6124 [pid 6124] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], [pid 6124] set_robust_list(0x7f3dc90769a0, 24 [pid 6123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6124] <... set_robust_list resumed>) = 0 [pid 6123] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] rt_sigprocmask(SIG_SETMASK, [], [pid 6123] <... futex resumed>) = 0 [pid 6124] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6124] memfd_create("syzkaller", 0 [pid 6123] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6124] <... memfd_create resumed>) = 3 [pid 6124] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6124] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6124] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6124] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6124] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6124] close(3) = 0 [pid 6124] mkdir("./file0", 0777) = 0 [pid 6124] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6124] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6124] chdir("./file0") = 0 [pid 6124] ioctl(4, LOOP_CLR_FD) = 0 [pid 6124] close(4) = 0 [pid 6124] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6124] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6124] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6124] <... futex resumed>) = 0 [pid 6123] <... futex resumed>) = 1 [pid 6124] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6123] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6124] <... open resumed>) = 5 [pid 6124] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6123] <... futex resumed>) = 0 [pid 6123] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6123] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6123] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6123] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6124] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< => {parent_tid=[6125]}, 88) = 6125 [pid 6124] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6123] rt_sigprocmask(SIG_SETMASK, [], [pid 6124] <... futex resumed>) = 0 [pid 6123] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6124] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6123] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6123] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6125] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6125] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6125] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6125] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6124] <... futex resumed>) = ? [pid 6123] <... futex resumed>) = ? [pid 6124] +++ killed by SIGBUS +++ [pid 6125] +++ killed by SIGBUS +++ [pid 6123] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6123, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./364", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./364/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./364/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./364/binderfs") = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./364/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./364/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./364/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./364/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./364") = 0 mkdir("./365", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6126 ./strace-static-x86_64: Process 6126 attached [ 113.695005][ T6124] loop0: detected capacity change from 0 to 2048 [ 113.715977][ T6124] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6126] set_robust_list(0x5555562186a0, 24) = 0 [pid 6126] chdir("./365") = 0 [pid 6126] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6126] setpgid(0, 0) = 0 [pid 6126] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6126] write(3, "1000", 4) = 4 [pid 6126] close(3) = 0 [pid 6126] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6126] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6126] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6126] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6127 attached => {parent_tid=[6127]}, 88) = 6127 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], [pid 6127] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6127] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6127] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6127] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6126] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] <... futex resumed>) = 0 [pid 6126] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6127] memfd_create("syzkaller", 0) = 3 [pid 6127] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6127] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6127] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6127] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6127] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6127] close(3) = 0 [pid 6127] mkdir("./file0", 0777) = 0 [pid 6127] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6127] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6127] chdir("./file0") = 0 [pid 6127] ioctl(4, LOOP_CLR_FD) = 0 [pid 6127] close(4) = 0 [pid 6127] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6127] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6127] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] <... futex resumed>) = 0 [pid 6126] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6127] <... futex resumed>) = 0 [pid 6127] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6127] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6126] <... futex resumed>) = 0 [pid 6127] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6126] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6126] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6127] <... mmap resumed>) = 0x20000000 [pid 6127] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6127] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6126] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6126] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6126] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6126] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6128 attached => {parent_tid=[6128]}, 88) = 6128 [pid 6128] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6126] rt_sigprocmask(SIG_SETMASK, [], [pid 6128] <... rseq resumed>) = 0 [pid 6126] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6128] set_robust_list(0x7f3dc0d559a0, 24 [pid 6126] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6128] <... set_robust_list resumed>) = 0 [pid 6126] <... futex resumed>) = 0 [pid 6128] rt_sigprocmask(SIG_SETMASK, [], [pid 6126] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6128] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6128] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6126] <... futex resumed>) = ? [pid 6127] <... futex resumed>) = ? [pid 6128] +++ killed by SIGBUS +++ [pid 6127] +++ killed by SIGBUS +++ [pid 6126] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6126, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./365", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 [ 113.821201][ T6127] loop0: detected capacity change from 0 to 2048 [ 113.832918][ T6127] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./365/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./365/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./365/binderfs") = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./365/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./365/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./365/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./365/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./365") = 0 mkdir("./366", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6129 attached , child_tidptr=0x555556218690) = 6129 [pid 6129] set_robust_list(0x5555562186a0, 24) = 0 [pid 6129] chdir("./366") = 0 [pid 6129] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6129] setpgid(0, 0) = 0 [pid 6129] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6129] write(3, "1000", 4) = 4 [pid 6129] close(3) = 0 [pid 6129] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6129] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6129] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6129] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6130]}, 88) = 6130 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6129] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6130 attached [pid 6130] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6130] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6130] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6130] memfd_create("syzkaller", 0) = 3 [pid 6130] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6130] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6130] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6130] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6130] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6130] close(3) = 0 [pid 6130] mkdir("./file0", 0777) = 0 [pid 6130] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6130] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6130] chdir("./file0") = 0 [pid 6130] ioctl(4, LOOP_CLR_FD) = 0 [pid 6130] close(4) = 0 [pid 6130] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6130] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6129] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... futex resumed>) = 0 [pid 6130] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6130] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6130] <... futex resumed>) = 1 [pid 6130] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6130] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6129] <... futex resumed>) = 0 [pid 6129] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6129] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6129] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6129] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6129] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6131 attached => {parent_tid=[6131]}, 88) = 6131 [pid 6130] <... futex resumed>) = 1 [pid 6129] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6129] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6130] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6129] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6131] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6130] <... mmap resumed>) = 0x20000000 [pid 6131] <... rseq resumed>) = 0 [pid 6131] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6131] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6131] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6130] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6130] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6129] <... futex resumed>) = ? [pid 6130] <... futex resumed>) = ? [pid 6130] +++ killed by SIGBUS +++ [pid 6131] +++ killed by SIGBUS +++ [pid 6129] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6129, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./366", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./366/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./366/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./366/binderfs") = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./366/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./366/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./366/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 113.947188][ T6130] loop0: detected capacity change from 0 to 2048 [ 113.958741][ T6130] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./366/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./366") = 0 mkdir("./367", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6132 ./strace-static-x86_64: Process 6132 attached [pid 6132] set_robust_list(0x5555562186a0, 24) = 0 [pid 6132] chdir("./367") = 0 [pid 6132] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6132] setpgid(0, 0) = 0 [pid 6132] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6132] write(3, "1000", 4) = 4 [pid 6132] close(3) = 0 [pid 6132] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6132] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6132] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6132] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6133 attached [pid 6133] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6133] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6133] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6133] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... clone3 resumed> => {parent_tid=[6133]}, 88) = 6133 [pid 6132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6132] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... futex resumed>) = 0 [pid 6132] <... futex resumed>) = 1 [pid 6132] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6133] memfd_create("syzkaller", 0) = 3 [pid 6133] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6133] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6133] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6133] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6133] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6133] close(3) = 0 [pid 6133] mkdir("./file0", 0777) = 0 [pid 6133] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6133] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6133] chdir("./file0") = 0 [pid 6133] ioctl(4, LOOP_CLR_FD) = 0 [pid 6133] close(4) = 0 [pid 6133] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6133] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6133] <... futex resumed>) = 0 [pid 6133] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6132] <... futex resumed>) = 1 [pid 6132] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] <... open resumed>) = 4 [pid 6133] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6133] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6132] <... futex resumed>) = 0 [pid 6132] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6132] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6132] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6132] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6133] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< => {parent_tid=[6134]}, 88) = 6134 [pid 6132] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6132] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6132] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6133] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6133] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6134] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6134] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6134] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6134] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6133] <... futex resumed>) = ? [pid 6132] <... futex resumed>) = ? [pid 6134] +++ killed by SIGBUS +++ [pid 6133] +++ killed by SIGBUS +++ [pid 6132] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6132, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./367", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./367/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./367/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./367/binderfs") = 0 [ 114.073388][ T6133] loop0: detected capacity change from 0 to 2048 [ 114.085952][ T6133] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./367/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./367/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./367/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./367/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./367") = 0 mkdir("./368", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6135 ./strace-static-x86_64: Process 6135 attached [pid 6135] set_robust_list(0x5555562186a0, 24) = 0 [pid 6135] chdir("./368") = 0 [pid 6135] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6135] setpgid(0, 0) = 0 [pid 6135] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6135] write(3, "1000", 4) = 4 [pid 6135] close(3) = 0 [pid 6135] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6135] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6135] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6135] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6136 attached => {parent_tid=[6136]}, 88) = 6136 [pid 6136] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], [pid 6136] set_robust_list(0x7f3dc90769a0, 24 [pid 6135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6136] <... set_robust_list resumed>) = 0 [pid 6135] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] rt_sigprocmask(SIG_SETMASK, [], [pid 6135] <... futex resumed>) = 0 [pid 6136] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6136] memfd_create("syzkaller", 0) = 3 [pid 6136] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6136] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6136] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6136] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6136] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6136] close(3) = 0 [pid 6136] mkdir("./file0", 0777) = 0 [pid 6136] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6136] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6136] chdir("./file0") = 0 [pid 6136] ioctl(4, LOOP_CLR_FD) = 0 [pid 6136] close(4) = 0 [pid 6136] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6136] <... futex resumed>) = 0 [pid 6135] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6136] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6135] <... futex resumed>) = 0 [pid 6136] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6135] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6136] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6135] <... futex resumed>) = 0 [pid 6136] <... open resumed>) = 5 [pid 6135] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6136] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... futex resumed>) = 0 [pid 6135] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6135] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6136] <... futex resumed>) = 1 [pid 6136] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6135] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6136] <... mmap resumed>) = 0x20000000 [pid 6136] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6135] <... mprotect resumed>) = 0 [pid 6136] <... futex resumed>) = 0 [pid 6135] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6136] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6135] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6135] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6137]}, 88) = 6137 ./strace-static-x86_64: Process 6137 attached [pid 6137] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6135] rt_sigprocmask(SIG_SETMASK, [], [pid 6137] <... rseq resumed>) = 0 [pid 6135] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6135] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6137] set_robust_list(0x7f3dc0d559a0, 24 [pid 6135] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6137] <... set_robust_list resumed>) = 0 [pid 6137] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6137] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6136] <... futex resumed>) = ? [pid 6135] <... futex resumed>) = ? [pid 6137] +++ killed by SIGBUS +++ [pid 6136] +++ killed by SIGBUS +++ [pid 6135] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6135, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./368", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./368/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./368/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./368/binderfs") = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 114.192336][ T6136] loop0: detected capacity change from 0 to 2048 [ 114.204604][ T6136] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./368/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./368/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./368/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./368/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./368") = 0 mkdir("./369", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6138 ./strace-static-x86_64: Process 6138 attached [pid 6138] set_robust_list(0x5555562186a0, 24) = 0 [pid 6138] chdir("./369") = 0 [pid 6138] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6138] setpgid(0, 0) = 0 [pid 6138] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6138] write(3, "1000", 4) = 4 [pid 6138] close(3) = 0 [pid 6138] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6138] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6138] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6138] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6139]}, 88) = 6139 ./strace-static-x86_64: Process 6139 attached [pid 6138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6138] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6139] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6139] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6139] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6139] memfd_create("syzkaller", 0) = 3 [pid 6139] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6139] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6139] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6139] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6139] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6139] close(3) = 0 [pid 6139] mkdir("./file0", 0777) = 0 [pid 6139] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6139] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6139] chdir("./file0") = 0 [pid 6139] ioctl(4, LOOP_CLR_FD) = 0 [pid 6139] close(4) = 0 [pid 6139] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] <... futex resumed>) = 1 [pid 6139] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6139] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6139] <... futex resumed>) = 0 [pid 6139] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6138] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6139] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6138] <... futex resumed>) = 0 [pid 6138] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6138] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6139] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6138] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6138] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6138] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6139] <... mmap resumed>) = 0x20000000 [pid 6138] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6138] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6139] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6140 attached ) = 0 [pid 6140] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6140] set_robust_list(0x7f3dc0d559a0, 24 [pid 6139] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6140] <... set_robust_list resumed>) = 0 [pid 6140] rt_sigprocmask(SIG_SETMASK, [], [pid 6138] <... clone3 resumed> => {parent_tid=[6140]}, 88) = 6140 [pid 6140] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6140] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6138] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6138] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6140] <... futex resumed>) = 0 [pid 6138] <... futex resumed>) = 1 [pid 6138] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6140] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6139] <... futex resumed>) = ? [pid 6140] +++ killed by SIGBUS +++ [pid 6139] +++ killed by SIGBUS +++ [pid 6138] <... futex resumed>) = ? [pid 6138] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6138, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./369", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./369/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./369/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./369/binderfs") = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./369/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./369/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./369/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./369/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./369") = 0 mkdir("./370", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6141 attached , child_tidptr=0x555556218690) = 6141 [pid 6141] set_robust_list(0x5555562186a0, 24) = 0 [pid 6141] chdir("./370") = 0 [pid 6141] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6141] setpgid(0, 0) = 0 [pid 6141] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6141] write(3, "1000", 4) = 4 [pid 6141] close(3) = 0 [pid 6141] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6141] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6141] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6141] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6142 attached => {parent_tid=[6142]}, 88) = 6142 [pid 6142] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], [pid 6142] <... rseq resumed>) = 0 [pid 6141] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6142] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6141] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] rt_sigprocmask(SIG_SETMASK, [], [pid 6141] <... futex resumed>) = 0 [pid 6142] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6141] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6142] memfd_create("syzkaller", 0) = 3 [pid 6142] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [ 114.306577][ T6139] loop0: detected capacity change from 0 to 2048 [ 114.318351][ T6139] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6142] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6142] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6142] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6142] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6142] close(3) = 0 [pid 6142] mkdir("./file0", 0777) = 0 [pid 6142] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6142] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6142] chdir("./file0") = 0 [pid 6142] ioctl(4, LOOP_CLR_FD) = 0 [pid 6142] close(4) = 0 [pid 6142] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 1 [pid 6142] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6142] <... open resumed>) = 4 [pid 6142] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6141] <... futex resumed>) = 0 [pid 6141] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 1 [pid 6142] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6142] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6142] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = 0 [pid 6142] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] <... futex resumed>) = 1 [pid 6141] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6141] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6142] <... futex resumed>) = 0 [pid 6142] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6141] <... futex resumed>) = 1 [pid 6141] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6142] <... mmap resumed>) = 0x20000000 [pid 6141] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6142] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] <... mprotect resumed>) = 0 [pid 6142] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6141] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6141] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6143 attached => {parent_tid=[6143]}, 88) = 6143 [pid 6141] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6141] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6141] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6143] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6143] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6143] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6143] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6141] <... futex resumed>) = ? [pid 6142] <... futex resumed>) = ? [pid 6142] +++ killed by SIGBUS +++ [pid 6143] +++ killed by SIGBUS +++ [pid 6141] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6141, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./370", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./370/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./370/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./370/binderfs") = 0 [ 114.399336][ T6142] loop0: detected capacity change from 0 to 2048 [ 114.412071][ T6142] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./370/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./370/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./370/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./370/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./370") = 0 mkdir("./371", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6144 attached , child_tidptr=0x555556218690) = 6144 [pid 6144] set_robust_list(0x5555562186a0, 24) = 0 [pid 6144] chdir("./371") = 0 [pid 6144] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6144] setpgid(0, 0) = 0 [pid 6144] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6144] write(3, "1000", 4) = 4 [pid 6144] close(3) = 0 [pid 6144] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6144] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6144] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6144] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6144] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6144] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6145 attached => {parent_tid=[6145]}, 88) = 6145 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6144] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6145] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6145] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6145] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6145] memfd_create("syzkaller", 0) = 3 [pid 6145] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6145] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6145] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6145] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6145] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6145] close(3) = 0 [pid 6145] mkdir("./file0", 0777) = 0 [pid 6145] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6145] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6145] chdir("./file0") = 0 [pid 6145] ioctl(4, LOOP_CLR_FD) = 0 [pid 6145] close(4) = 0 [pid 6145] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6144] <... futex resumed>) = 0 [pid 6145] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6145] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6144] <... futex resumed>) = 0 [pid 6145] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6144] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... open resumed>) = 4 [pid 6145] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6145] <... futex resumed>) = 1 [pid 6145] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6145] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6144] <... futex resumed>) = 0 [pid 6144] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] <... futex resumed>) = 1 [pid 6144] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6145] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6145] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6145] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6144] <... clone3 resumed> => {parent_tid=[6146]}, 88) = 6146 [pid 6144] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6144] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6144] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6146] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6146] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6146] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6146] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6145] <... futex resumed>) = ? [pid 6145] +++ killed by SIGBUS +++ [pid 6144] <... futex resumed>) = ? [pid 6146] +++ killed by SIGBUS +++ [pid 6144] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6144, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./371", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./371/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./371/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./371/binderfs") = 0 [ 114.517825][ T6145] loop0: detected capacity change from 0 to 2048 [ 114.528559][ T6145] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./371/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./371/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./371/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./371/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./371") = 0 mkdir("./372", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6147 ./strace-static-x86_64: Process 6147 attached [pid 6147] set_robust_list(0x5555562186a0, 24) = 0 [pid 6147] chdir("./372") = 0 [pid 6147] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6147] setpgid(0, 0) = 0 [pid 6147] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6147] write(3, "1000", 4) = 4 [pid 6147] close(3) = 0 [pid 6147] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6147] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6147] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6147] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6148 attached [pid 6148] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6147] <... clone3 resumed> => {parent_tid=[6148]}, 88) = 6148 [pid 6148] <... rseq resumed>) = 0 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], [pid 6148] set_robust_list(0x7f3dc90769a0, 24 [pid 6147] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6148] <... set_robust_list resumed>) = 0 [pid 6148] rt_sigprocmask(SIG_SETMASK, [], [pid 6147] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6147] <... futex resumed>) = 0 [pid 6148] memfd_create("syzkaller", 0) = 3 [pid 6147] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6148] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6148] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6148] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6148] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6148] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6148] close(3) = 0 [pid 6148] mkdir("./file0", 0777) = 0 [pid 6148] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6148] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6148] chdir("./file0") = 0 [pid 6148] ioctl(4, LOOP_CLR_FD) = 0 [pid 6148] close(4) = 0 [pid 6148] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... futex resumed>) = 0 [pid 6148] <... futex resumed>) = 1 [pid 6148] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6147] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... open resumed>) = 4 [pid 6148] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6148] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6147] <... futex resumed>) = 0 [pid 6148] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6147] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6148] <... open resumed>) = 5 [pid 6148] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6147] <... futex resumed>) = 0 [pid 6148] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6147] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6147] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6148] <... mmap resumed>) = 0x20000000 [pid 6147] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6147] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6148] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6147] <... mprotect resumed>) = 0 [pid 6148] <... futex resumed>) = 0 [pid 6148] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6147] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6147] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6149 attached => {parent_tid=[6149]}, 88) = 6149 [pid 6147] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6147] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6149] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6149] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6147] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6149] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6149] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6149] +++ killed by SIGBUS +++ [pid 6148] <... futex resumed>) = ? [pid 6147] <... futex resumed>) = ? [pid 6148] +++ killed by SIGBUS +++ [ 114.642102][ T6148] loop0: detected capacity change from 0 to 2048 [ 114.654319][ T6148] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6147] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6147, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./372", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./372/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./372/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./372/binderfs") = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./372/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./372/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./372/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./372/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./372") = 0 mkdir("./373", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6150 ./strace-static-x86_64: Process 6150 attached [pid 6150] set_robust_list(0x5555562186a0, 24) = 0 [pid 6150] chdir("./373") = 0 [pid 6150] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6150] setpgid(0, 0) = 0 [pid 6150] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6150] write(3, "1000", 4) = 4 [pid 6150] close(3) = 0 [pid 6150] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6150] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6150] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6150] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6150] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6151]}, 88) = 6151 ./strace-static-x86_64: Process 6151 attached [pid 6151] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6151] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6151] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6151] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6150] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6150] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... futex resumed>) = 0 [pid 6150] <... futex resumed>) = 1 [pid 6151] memfd_create("syzkaller", 0 [pid 6150] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6151] <... memfd_create resumed>) = 3 [pid 6151] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6151] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6151] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6151] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6151] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6151] close(3) = 0 [pid 6151] mkdir("./file0", 0777) = 0 [pid 6151] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6151] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6151] chdir("./file0") = 0 [pid 6151] ioctl(4, LOOP_CLR_FD) = 0 [pid 6151] close(4) = 0 [pid 6151] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] <... futex resumed>) = 1 [pid 6151] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6151] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6151] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6150] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6151] <... open resumed>) = 5 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6151] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6150] <... futex resumed>) = 0 [pid 6150] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6150] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6151] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6150] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6151] <... mmap resumed>) = 0x20000000 [pid 6150] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6150] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6152]}, 88) = 6152 [pid 6151] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6150] rt_sigprocmask(SIG_SETMASK, [], [pid 6151] <... futex resumed>) = 0 [pid 6150] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6151] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6150] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6150] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6152 attached [pid 6152] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6152] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6152] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6152] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6151] <... futex resumed>) = ? [pid 6150] <... futex resumed>) = ? [pid 6152] +++ killed by SIGBUS +++ [pid 6151] +++ killed by SIGBUS +++ [pid 6150] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6150, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./373", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./373/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./373/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./373/binderfs") = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./373/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./373/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./373/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./373/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./373") = 0 mkdir("./374", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 114.770925][ T6151] loop0: detected capacity change from 0 to 2048 [ 114.783059][ T6151] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6153 attached , child_tidptr=0x555556218690) = 6153 [pid 6153] set_robust_list(0x5555562186a0, 24) = 0 [pid 6153] chdir("./374") = 0 [pid 6153] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6153] setpgid(0, 0) = 0 [pid 6153] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6153] write(3, "1000", 4) = 4 [pid 6153] close(3) = 0 [pid 6153] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6153] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6153] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6153] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6154]}, 88) = 6154 ./strace-static-x86_64: Process 6154 attached [pid 6153] rt_sigprocmask(SIG_SETMASK, [], [pid 6154] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6154] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6154] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6153] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6154] memfd_create("syzkaller", 0) = 3 [pid 6154] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6154] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6154] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6154] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6154] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6154] close(3) = 0 [pid 6154] mkdir("./file0", 0777) = 0 [pid 6154] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6154] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6154] chdir("./file0") = 0 [pid 6154] ioctl(4, LOOP_CLR_FD) = 0 [pid 6154] close(4) = 0 [pid 6154] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] <... futex resumed>) = 0 [pid 6154] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6153] <... futex resumed>) = 0 [pid 6154] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6153] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] <... futex resumed>) = 0 [pid 6154] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6153] <... futex resumed>) = 0 [pid 6154] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6153] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6154] <... open resumed>) = 5 [pid 6154] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6153] <... futex resumed>) = 0 [pid 6154] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6153] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6154] <... mmap resumed>) = 0x20000000 [pid 6153] <... futex resumed>) = 0 [pid 6153] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6154] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6153] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6153] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6154] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6153] <... mprotect resumed>) = 0 [pid 6153] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6153] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6155 attached [pid 6155] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6153] <... clone3 resumed> => {parent_tid=[6155]}, 88) = 6155 [pid 6155] <... rseq resumed>) = 0 [pid 6153] rt_sigprocmask(SIG_SETMASK, [], [pid 6155] set_robust_list(0x7f3dc0d559a0, 24 [pid 6153] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6155] <... set_robust_list resumed>) = 0 [pid 6153] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6155] rt_sigprocmask(SIG_SETMASK, [], [pid 6153] <... futex resumed>) = 0 [pid 6155] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6153] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6155] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6153] <... futex resumed>) = ? [pid 6154] <... futex resumed>) = ? [pid 6154] +++ killed by SIGBUS +++ [pid 6155] +++ killed by SIGBUS +++ [pid 6153] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6153, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./374", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./374/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./374/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./374/binderfs") = 0 [ 114.872259][ T6154] loop0: detected capacity change from 0 to 2048 [ 114.888512][ T6154] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./374/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./374/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./374/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./374/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./374") = 0 mkdir("./375", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6156 attached , child_tidptr=0x555556218690) = 6156 [pid 6156] set_robust_list(0x5555562186a0, 24) = 0 [pid 6156] chdir("./375") = 0 [pid 6156] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6156] setpgid(0, 0) = 0 [pid 6156] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6156] write(3, "1000", 4) = 4 [pid 6156] close(3) = 0 [pid 6156] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6156] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6156] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6156] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6157 attached [pid 6157] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6156] <... clone3 resumed> => {parent_tid=[6157]}, 88) = 6157 [pid 6157] <... rseq resumed>) = 0 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6157] set_robust_list(0x7f3dc90769a0, 24 [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6157] <... set_robust_list resumed>) = 0 [pid 6156] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] <... futex resumed>) = 0 [pid 6157] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6157] memfd_create("syzkaller", 0) = 3 [pid 6157] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6157] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6157] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6157] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6157] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6157] close(3) = 0 [pid 6157] mkdir("./file0", 0777) = 0 [pid 6157] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6157] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6157] chdir("./file0") = 0 [pid 6157] ioctl(4, LOOP_CLR_FD) = 0 [pid 6157] close(4) = 0 [pid 6157] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6157] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] <... futex resumed>) = 0 [pid 6157] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6157] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6157] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6156] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6157] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6157] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6156] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6157] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6156] <... futex resumed>) = 0 [pid 6156] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6156] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6157] <... mmap resumed>) = 0x20000000 [pid 6157] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6157] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6156] <... mprotect resumed>) = 0 [pid 6156] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6156] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6158 attached [pid 6158] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6158] set_robust_list(0x7f3dc0d559a0, 24 [pid 6156] <... clone3 resumed> => {parent_tid=[6158]}, 88) = 6158 [pid 6158] <... set_robust_list resumed>) = 0 [pid 6156] rt_sigprocmask(SIG_SETMASK, [], [pid 6158] rt_sigprocmask(SIG_SETMASK, [], [pid 6156] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6158] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6156] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6158] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6156] <... futex resumed>) = 0 [pid 6156] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6157] <... futex resumed>) = ? [pid 6158] +++ killed by SIGBUS +++ [pid 6157] +++ killed by SIGBUS +++ [pid 6156] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6156, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./375", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./375/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./375/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./375/binderfs") = 0 [ 114.991157][ T6157] loop0: detected capacity change from 0 to 2048 [ 115.001717][ T6157] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./375/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./375/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./375/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./375/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./375") = 0 mkdir("./376", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6159 attached , child_tidptr=0x555556218690) = 6159 [pid 6159] set_robust_list(0x5555562186a0, 24) = 0 [pid 6159] chdir("./376") = 0 [pid 6159] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6159] setpgid(0, 0) = 0 [pid 6159] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6159] write(3, "1000", 4) = 4 [pid 6159] close(3) = 0 [pid 6159] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6159] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6159] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6159] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6160 attached => {parent_tid=[6160]}, 88) = 6160 [pid 6160] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], [pid 6160] <... rseq resumed>) = 0 [pid 6159] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6160] set_robust_list(0x7f3dc90769a0, 24 [pid 6159] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... set_robust_list resumed>) = 0 [pid 6160] rt_sigprocmask(SIG_SETMASK, [], [pid 6159] <... futex resumed>) = 0 [pid 6160] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6159] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6160] memfd_create("syzkaller", 0) = 3 [pid 6160] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6160] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6160] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6160] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6160] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6160] close(3) = 0 [pid 6160] mkdir("./file0", 0777) = 0 [pid 6160] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6160] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6160] chdir("./file0") = 0 [pid 6160] ioctl(4, LOOP_CLR_FD) = 0 [pid 6160] close(4) = 0 [pid 6160] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6160] <... futex resumed>) = 1 [pid 6159] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6160] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = 1 [pid 6160] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6159] <... futex resumed>) = 0 [pid 6160] <... open resumed>) = 5 [pid 6159] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6160] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... futex resumed>) = 0 [pid 6159] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6160] <... futex resumed>) = 1 [pid 6159] <... futex resumed>) = 0 [pid 6160] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6159] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6160] <... mmap resumed>) = 0x20000000 [pid 6159] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6159] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6160] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6159] <... mprotect resumed>) = 0 [pid 6160] <... futex resumed>) = 0 [pid 6160] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6159] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6159] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6161 attached => {parent_tid=[6161]}, 88) = 6161 [pid 6159] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6159] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6159] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6161] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6161] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6161] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6161] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6159] <... futex resumed>) = ? [pid 6160] <... futex resumed>) = ? [pid 6161] +++ killed by SIGBUS +++ [pid 6160] +++ killed by SIGBUS +++ [pid 6159] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6159, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./376", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./376/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./376/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./376/binderfs") = 0 [ 115.105449][ T6160] loop0: detected capacity change from 0 to 2048 [ 115.117506][ T6160] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./376/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./376/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./376/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./376/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./376") = 0 mkdir("./377", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6162 ./strace-static-x86_64: Process 6162 attached [pid 6162] set_robust_list(0x5555562186a0, 24) = 0 [pid 6162] chdir("./377") = 0 [pid 6162] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6162] setpgid(0, 0) = 0 [pid 6162] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6162] write(3, "1000", 4) = 4 [pid 6162] close(3) = 0 [pid 6162] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6162] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6162] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6162] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6163 attached [pid 6163] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6162] <... clone3 resumed> => {parent_tid=[6163]}, 88) = 6163 [pid 6163] <... rseq resumed>) = 0 [pid 6162] rt_sigprocmask(SIG_SETMASK, [], [pid 6163] set_robust_list(0x7f3dc90769a0, 24 [pid 6162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6163] <... set_robust_list resumed>) = 0 [pid 6162] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] rt_sigprocmask(SIG_SETMASK, [], [pid 6162] <... futex resumed>) = 0 [pid 6163] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6162] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6163] memfd_create("syzkaller", 0) = 3 [pid 6163] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6163] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6163] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6163] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6163] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6163] close(3) = 0 [pid 6163] mkdir("./file0", 0777) = 0 [pid 6163] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6163] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6163] chdir("./file0") = 0 [pid 6163] ioctl(4, LOOP_CLR_FD) = 0 [pid 6163] close(4) = 0 [pid 6163] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6163] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] <... futex resumed>) = 0 [pid 6162] <... futex resumed>) = 1 [pid 6163] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6162] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... open resumed>) = 4 [pid 6163] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6163] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6162] <... futex resumed>) = 0 [pid 6162] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6163] <... open resumed>) = 5 [pid 6163] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6162] <... futex resumed>) = 0 [pid 6163] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6162] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6162] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6163] <... mmap resumed>) = 0x20000000 [pid 6163] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6163] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6162] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6162] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6162] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6162] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6164 attached [pid 6164] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6162] <... clone3 resumed> => {parent_tid=[6164]}, 88) = 6164 [pid 6164] <... rseq resumed>) = 0 [pid 6162] rt_sigprocmask(SIG_SETMASK, [], [pid 6164] set_robust_list(0x7f3dc0d559a0, 24 [pid 6162] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6164] <... set_robust_list resumed>) = 0 [pid 6162] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6164] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6162] <... futex resumed>) = 0 [pid 6164] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6162] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6163] <... futex resumed>) = ? [pid 6164] +++ killed by SIGBUS +++ [pid 6163] +++ killed by SIGBUS +++ [pid 6162] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6162, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./377", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./377/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./377/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./377/binderfs") = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./377/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./377/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./377/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./377/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./377") = 0 mkdir("./378", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6165 attached , child_tidptr=0x555556218690) = 6165 [pid 6165] set_robust_list(0x5555562186a0, 24) = 0 [ 115.231673][ T6163] loop0: detected capacity change from 0 to 2048 [ 115.242973][ T6163] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6165] chdir("./378") = 0 [pid 6165] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6165] setpgid(0, 0) = 0 [pid 6165] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6165] write(3, "1000", 4) = 4 [pid 6165] close(3) = 0 [pid 6165] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6165] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6165] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6165] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6166]}, 88) = 6166 [pid 6165] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6165] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6166 attached [pid 6166] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6166] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6166] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6166] memfd_create("syzkaller", 0) = 3 [pid 6166] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6166] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6166] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6166] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6166] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6166] close(3) = 0 [pid 6166] mkdir("./file0", 0777) = 0 [pid 6166] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6166] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6166] chdir("./file0") = 0 [pid 6166] ioctl(4, LOOP_CLR_FD) = 0 [pid 6166] close(4) = 0 [pid 6166] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6166] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = 0 [pid 6165] <... futex resumed>) = 1 [pid 6166] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6165] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... open resumed>) = 4 [pid 6166] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = 1 [pid 6166] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6166] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6165] <... futex resumed>) = 0 [pid 6165] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6165] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6165] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6165] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6165] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6167 attached => {parent_tid=[6167]}, 88) = 6167 [pid 6167] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6165] rt_sigprocmask(SIG_SETMASK, [], [pid 6167] <... rseq resumed>) = 0 [pid 6167] set_robust_list(0x7f3dc0d559a0, 24 [pid 6165] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6167] <... set_robust_list resumed>) = 0 [pid 6167] rt_sigprocmask(SIG_SETMASK, [], [pid 6165] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6165] <... futex resumed>) = 0 [pid 6167] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6165] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] <... futex resumed>) = 1 [pid 6167] <... open resumed>) = 6 [pid 6166] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6167] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... mmap resumed>) = 0x20000000 [pid 6167] <... futex resumed>) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6167] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6165] <... futex resumed>) = 0 [pid 6167] write(6, 0x20000000, 34136651 [pid 6165] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6167] <... write resumed>) = -1 EFAULT (Bad address) [pid 6166] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6167] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6166] <... futex resumed>) = 0 [pid 6167] <... futex resumed>) = 1 [pid 6166] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] <... futex resumed>) = 0 [pid 6167] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6166] <... futex resumed>) = 0 [pid 6165] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6166] ftruncate(4, 2) = 0 [pid 6166] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6165] <... futex resumed>) = 0 [pid 6166] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6165] exit_group(0 [pid 6166] <... futex resumed>) = ? [pid 6167] <... futex resumed>) = ? [pid 6167] +++ exited with 0 +++ [pid 6166] +++ exited with 0 +++ [pid 6165] <... exit_group resumed>) = ? [pid 6165] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6165, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./378", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./378/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./378/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./378/binderfs") = 0 [ 115.321466][ T6166] loop0: detected capacity change from 0 to 2048 [ 115.334152][ T6166] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./378/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./378/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./378/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./378/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./378") = 0 mkdir("./379", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6168 ./strace-static-x86_64: Process 6168 attached [pid 6168] set_robust_list(0x5555562186a0, 24) = 0 [pid 6168] chdir("./379") = 0 [pid 6168] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6168] setpgid(0, 0) = 0 [pid 6168] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6168] write(3, "1000", 4) = 4 [pid 6168] close(3) = 0 [pid 6168] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6168] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6168] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6168] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6169]}, 88) = 6169 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6168] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6169 attached [pid 6169] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6169] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6169] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6169] memfd_create("syzkaller", 0) = 3 [pid 6169] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6169] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6169] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6169] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6169] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6169] close(3) = 0 [pid 6169] mkdir("./file0", 0777) = 0 [pid 6169] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6169] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6169] chdir("./file0") = 0 [pid 6169] ioctl(4, LOOP_CLR_FD) = 0 [pid 6169] close(4) = 0 [pid 6169] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6169] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 6169] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6168] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] <... open resumed>) = 4 [pid 6169] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6169] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = 0 [pid 6168] <... futex resumed>) = 1 [pid 6168] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6169] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6169] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6168] <... futex resumed>) = 0 [pid 6169] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6168] <... futex resumed>) = 0 [pid 6169] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6168] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6169] <... mmap resumed>) = 0x20000000 [pid 6168] <... futex resumed>) = 0 [pid 6169] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6168] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6169] <... futex resumed>) = 0 [pid 6169] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6168] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6168] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6168] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6168] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6170 attached [pid 6170] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6168] <... clone3 resumed> => {parent_tid=[6170]}, 88) = 6170 [pid 6170] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6168] rt_sigprocmask(SIG_SETMASK, [], [pid 6170] rt_sigprocmask(SIG_SETMASK, [], [pid 6168] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6170] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6170] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6168] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6168] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6169] <... futex resumed>) = ? [pid 6170] +++ killed by SIGBUS +++ [pid 6169] +++ killed by SIGBUS +++ [pid 6168] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6168, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./379", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 115.430210][ T6169] loop0: detected capacity change from 0 to 2048 [ 115.442498][ T6169] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./379", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./379/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./379/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./379/binderfs") = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./379/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./379/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./379/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./379/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./379") = 0 mkdir("./380", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6171 attached , child_tidptr=0x555556218690) = 6171 [pid 6171] set_robust_list(0x5555562186a0, 24) = 0 [pid 6171] chdir("./380") = 0 [pid 6171] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6171] setpgid(0, 0) = 0 [pid 6171] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6171] write(3, "1000", 4) = 4 [pid 6171] close(3) = 0 [pid 6171] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6171] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6171] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6171] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6171] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6172 attached [pid 6172] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6171] <... clone3 resumed> => {parent_tid=[6172]}, 88) = 6172 [pid 6172] <... rseq resumed>) = 0 [pid 6171] rt_sigprocmask(SIG_SETMASK, [], [pid 6172] set_robust_list(0x7f3dc90769a0, 24 [pid 6171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6172] <... set_robust_list resumed>) = 0 [pid 6171] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6171] <... futex resumed>) = 0 [pid 6172] memfd_create("syzkaller", 0 [pid 6171] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6172] <... memfd_create resumed>) = 3 [pid 6172] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6172] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6172] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6172] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6172] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6172] close(3) = 0 [pid 6172] mkdir("./file0", 0777) = 0 [pid 6172] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6172] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6172] chdir("./file0") = 0 [pid 6172] ioctl(4, LOOP_CLR_FD) = 0 [pid 6172] close(4) = 0 [pid 6172] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] <... open resumed>) = 4 [pid 6172] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6171] <... futex resumed>) = 0 [pid 6172] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6171] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] <... open resumed>) = 5 [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6172] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] <... futex resumed>) = 1 [pid 6171] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6172] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6171] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6171] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6172] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6172] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6171] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6171] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6173]}, 88) = 6173 ./strace-static-x86_64: Process 6173 attached [pid 6173] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6171] rt_sigprocmask(SIG_SETMASK, [], [pid 6173] <... rseq resumed>) = 0 [pid 6173] set_robust_list(0x7f3dc0d559a0, 24 [pid 6171] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6173] <... set_robust_list resumed>) = 0 [pid 6173] rt_sigprocmask(SIG_SETMASK, [], [pid 6171] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6173] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6171] <... futex resumed>) = 0 [pid 6171] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6173] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6172] <... futex resumed>) = ? [pid 6171] <... futex resumed>) = ? [pid 6173] +++ killed by SIGBUS +++ [pid 6172] +++ killed by SIGBUS +++ [pid 6171] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6171, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./380", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./380/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./380/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./380/binderfs") = 0 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./380/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./380/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./380/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 115.546377][ T6172] loop0: detected capacity change from 0 to 2048 [ 115.557884][ T6172] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./380/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./380") = 0 mkdir("./381", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6174 ./strace-static-x86_64: Process 6174 attached [pid 6174] set_robust_list(0x5555562186a0, 24) = 0 [pid 6174] chdir("./381") = 0 [pid 6174] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6174] setpgid(0, 0) = 0 [pid 6174] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6174] write(3, "1000", 4) = 4 [pid 6174] close(3) = 0 [pid 6174] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6174] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6174] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6174] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6175]}, 88) = 6175 [pid 6174] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6174] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6175 attached ) = 0 [pid 6175] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6174] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6175] <... rseq resumed>) = 0 [pid 6175] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6175] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6175] memfd_create("syzkaller", 0) = 3 [pid 6175] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6175] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6175] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6175] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6175] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6175] close(3) = 0 [pid 6175] mkdir("./file0", 0777) = 0 [pid 6175] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6175] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6175] chdir("./file0") = 0 [pid 6175] ioctl(4, LOOP_CLR_FD) = 0 [pid 6175] close(4) = 0 [pid 6175] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6175] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6174] <... futex resumed>) = 0 [pid 6175] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6174] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... open resumed>) = 4 [pid 6175] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6175] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... futex resumed>) = 0 [pid 6174] <... futex resumed>) = 1 [pid 6175] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6174] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6175] <... open resumed>) = 5 [pid 6175] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6174] <... futex resumed>) = 0 [pid 6175] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6174] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6175] <... futex resumed>) = 0 [pid 6174] <... futex resumed>) = 1 [pid 6175] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6174] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6174] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6175] <... mmap resumed>) = 0x20000000 [pid 6174] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6174] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6174] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6174] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6176 attached [pid 6175] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6174] <... clone3 resumed> => {parent_tid=[6176]}, 88) = 6176 [pid 6176] <... rseq resumed>) = 0 [pid 6175] <... futex resumed>) = 0 [pid 6174] rt_sigprocmask(SIG_SETMASK, [], [pid 6176] set_robust_list(0x7f3dc0d559a0, 24 [pid 6174] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6176] <... set_robust_list resumed>) = 0 [pid 6174] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6176] rt_sigprocmask(SIG_SETMASK, [], [pid 6174] <... futex resumed>) = 0 [pid 6176] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6174] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6176] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6175] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = ? [pid 6174] <... futex resumed>) = ? [pid 6176] +++ killed by SIGBUS +++ [pid 6175] +++ killed by SIGBUS +++ [pid 6174] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6174, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./381", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./381/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./381/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./381/binderfs") = 0 [ 115.670877][ T6175] loop0: detected capacity change from 0 to 2048 [ 115.683618][ T6175] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./381/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./381/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./381/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./381/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./381") = 0 mkdir("./382", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6177 attached , child_tidptr=0x555556218690) = 6177 [pid 6177] set_robust_list(0x5555562186a0, 24) = 0 [pid 6177] chdir("./382") = 0 [pid 6177] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6177] setpgid(0, 0) = 0 [pid 6177] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6177] write(3, "1000", 4) = 4 [pid 6177] close(3) = 0 [pid 6177] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6177] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6177] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6177] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6178 attached => {parent_tid=[6178]}, 88) = 6178 [pid 6178] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], [pid 6178] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6178] rt_sigprocmask(SIG_SETMASK, [], [pid 6177] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] <... futex resumed>) = 0 [pid 6178] memfd_create("syzkaller", 0 [pid 6177] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6178] <... memfd_create resumed>) = 3 [pid 6178] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6178] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6178] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6178] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6178] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6178] close(3) = 0 [pid 6178] mkdir("./file0", 0777) = 0 [pid 6178] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6178] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6178] chdir("./file0") = 0 [pid 6178] ioctl(4, LOOP_CLR_FD) = 0 [pid 6178] close(4) = 0 [pid 6178] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6178] <... futex resumed>) = 1 [pid 6177] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... open resumed>) = 4 [pid 6178] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 1 [pid 6177] <... futex resumed>) = 0 [pid 6178] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6177] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... open resumed>) = 5 [pid 6178] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6178] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] <... futex resumed>) = 0 [pid 6177] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6178] <... futex resumed>) = 0 [pid 6177] <... futex resumed>) = 1 [pid 6178] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6177] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6178] <... mmap resumed>) = 0x20000000 [pid 6178] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6177] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6178] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6177] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6177] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6177] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6179 attached [pid 6179] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6177] <... clone3 resumed> => {parent_tid=[6179]}, 88) = 6179 [pid 6179] set_robust_list(0x7f3dc0d559a0, 24 [pid 6177] rt_sigprocmask(SIG_SETMASK, [], [pid 6179] <... set_robust_list resumed>) = 0 [pid 6177] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6179] rt_sigprocmask(SIG_SETMASK, [], [pid 6177] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6179] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6177] <... futex resumed>) = 0 [pid 6179] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6177] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6178] <... futex resumed>) = ? [ 115.789325][ T6178] loop0: detected capacity change from 0 to 2048 [ 115.801888][ T6178] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6178] +++ killed by SIGBUS +++ [pid 6177] <... futex resumed>) = ? [pid 6179] +++ killed by SIGBUS +++ [pid 6177] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6177, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./382", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./382/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./382/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./382/binderfs") = 0 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./382/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./382/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./382/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./382/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./382") = 0 mkdir("./383", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6180 attached [pid 6180] set_robust_list(0x5555562186a0, 24) = 0 [pid 6180] chdir("./383" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6180 [pid 6180] <... chdir resumed>) = 0 [pid 6180] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6180] setpgid(0, 0) = 0 [pid 6180] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6180] write(3, "1000", 4) = 4 [pid 6180] close(3) = 0 [pid 6180] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6180] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6180] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6180] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6180] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6180] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6181 attached [pid 6181] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6181] set_robust_list(0x7f3dc90769a0, 24 [pid 6180] <... clone3 resumed> => {parent_tid=[6181]}, 88) = 6181 [pid 6181] <... set_robust_list resumed>) = 0 [pid 6180] rt_sigprocmask(SIG_SETMASK, [], [pid 6181] rt_sigprocmask(SIG_SETMASK, [], [pid 6180] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6181] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6180] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] memfd_create("syzkaller", 0 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6181] <... memfd_create resumed>) = 3 [pid 6181] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6181] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6181] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6181] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6181] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6181] close(3) = 0 [pid 6181] mkdir("./file0", 0777) = 0 [pid 6181] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6181] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6181] chdir("./file0") = 0 [pid 6181] ioctl(4, LOOP_CLR_FD) = 0 [pid 6181] close(4) = 0 [pid 6181] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6181] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] <... futex resumed>) = 0 [pid 6181] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6180] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] <... open resumed>) = 4 [pid 6181] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... futex resumed>) = 0 [pid 6181] <... futex resumed>) = 1 [pid 6180] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6180] <... futex resumed>) = 0 [pid 6181] <... open resumed>) = 5 [pid 6180] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6181] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... futex resumed>) = 0 [pid 6180] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6180] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6181] <... futex resumed>) = 1 [pid 6180] <... futex resumed>) = 0 [pid 6180] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6181] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6180] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6181] <... mmap resumed>) = 0x20000000 [pid 6180] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6180] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6181] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6180] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6181] <... futex resumed>) = 0 [pid 6180] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6181] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6180] <... clone3 resumed> => {parent_tid=[6182]}, 88) = 6182 [pid 6180] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6180] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6180] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6182 attached [pid 6182] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6182] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6182] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6182] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6181] <... futex resumed>) = ? [pid 6181] +++ killed by SIGBUS +++ [pid 6180] <... futex resumed>) = ? [pid 6182] +++ killed by SIGBUS +++ [pid 6180] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6180, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./383", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./383/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./383/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./383/binderfs") = 0 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./383/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./383/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./383/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./383/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./383") = 0 mkdir("./384", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 115.906765][ T6181] loop0: detected capacity change from 0 to 2048 [ 115.917822][ T6181] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6183 ./strace-static-x86_64: Process 6183 attached [pid 6183] set_robust_list(0x5555562186a0, 24) = 0 [pid 6183] chdir("./384") = 0 [pid 6183] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6183] setpgid(0, 0) = 0 [pid 6183] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6183] write(3, "1000", 4) = 4 [pid 6183] close(3) = 0 [pid 6183] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6183] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6183] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6183] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6184 attached [pid 6184] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6184] set_robust_list(0x7f3dc90769a0, 24 [pid 6183] <... clone3 resumed> => {parent_tid=[6184]}, 88) = 6184 [pid 6183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6183] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6184] <... set_robust_list resumed>) = 0 [pid 6184] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6184] memfd_create("syzkaller", 0) = 3 [pid 6184] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6184] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6184] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6184] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6184] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6184] close(3) = 0 [pid 6184] mkdir("./file0", 0777) = 0 [pid 6184] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6184] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6184] chdir("./file0") = 0 [pid 6184] ioctl(4, LOOP_CLR_FD) = 0 [pid 6184] close(4) = 0 [pid 6184] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6184] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6183] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... open resumed>) = 4 [pid 6184] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6183] <... futex resumed>) = 0 [pid 6184] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6184] <... futex resumed>) = 0 [pid 6184] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6183] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6184] <... open resumed>) = 5 [pid 6184] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6184] <... futex resumed>) = 0 [pid 6183] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6184] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6183] <... futex resumed>) = 0 [pid 6183] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6184] <... mmap resumed>) = 0x20000000 [pid 6184] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6183] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6184] <... futex resumed>) = 0 [pid 6183] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6184] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6183] <... mprotect resumed>) = 0 [pid 6183] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6183] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6185]}, 88) = 6185 [pid 6183] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6183] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6183] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6185 attached [pid 6185] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6185] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6185] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6185] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6183] <... futex resumed>) = ? [pid 6184] <... futex resumed>) = ? [pid 6185] +++ killed by SIGBUS +++ [pid 6184] +++ killed by SIGBUS +++ [pid 6183] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6183, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./384", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./384/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./384/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./384/binderfs") = 0 [ 116.012526][ T6184] loop0: detected capacity change from 0 to 2048 [ 116.023087][ T6184] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./384/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./384/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./384/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./384/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./384") = 0 mkdir("./385", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6186 attached , child_tidptr=0x555556218690) = 6186 [pid 6186] set_robust_list(0x5555562186a0, 24) = 0 [pid 6186] chdir("./385") = 0 [pid 6186] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6186] setpgid(0, 0) = 0 [pid 6186] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6186] write(3, "1000", 4) = 4 [pid 6186] close(3) = 0 [pid 6186] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6186] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6186] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6186] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6186] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6187 attached => {parent_tid=[6187]}, 88) = 6187 [pid 6187] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6187] set_robust_list(0x7f3dc90769a0, 24 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], [pid 6187] <... set_robust_list resumed>) = 0 [pid 6186] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6187] rt_sigprocmask(SIG_SETMASK, [], [pid 6186] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6186] <... futex resumed>) = 0 [pid 6187] memfd_create("syzkaller", 0 [pid 6186] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6187] <... memfd_create resumed>) = 3 [pid 6187] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6187] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6187] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6187] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6187] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6187] close(3) = 0 [pid 6187] mkdir("./file0", 0777) = 0 [pid 6187] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6187] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6187] chdir("./file0") = 0 [pid 6187] ioctl(4, LOOP_CLR_FD) = 0 [pid 6187] close(4) = 0 [pid 6187] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6187] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6186] <... futex resumed>) = 0 [pid 6187] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6186] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... open resumed>) = 4 [pid 6187] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] <... futex resumed>) = 0 [pid 6186] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6187] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6186] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6187] <... open resumed>) = 5 [pid 6187] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6186] <... futex resumed>) = 0 [pid 6187] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6186] <... futex resumed>) = 0 [pid 6187] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6186] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6187] <... mmap resumed>) = 0x20000000 [pid 6186] <... futex resumed>) = 0 [pid 6187] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6186] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6187] <... futex resumed>) = 0 [pid 6187] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6186] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6186] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6186] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6188 attached [pid 6188] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6188] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6188] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6188] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6186] <... clone3 resumed> => {parent_tid=[6188]}, 88) = 6188 [pid 6186] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6186] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6188] <... futex resumed>) = 0 [pid 6188] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6187] <... futex resumed>) = ? [pid 6188] +++ killed by SIGBUS +++ [pid 6187] +++ killed by SIGBUS +++ [pid 6186] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6186, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./385", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./385/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./385/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./385/binderfs") = 0 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./385/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./385/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./385/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 116.109686][ T6187] loop0: detected capacity change from 0 to 2048 [ 116.120919][ T6187] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./385/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./385") = 0 mkdir("./386", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6189 attached , child_tidptr=0x555556218690) = 6189 [pid 6189] set_robust_list(0x5555562186a0, 24) = 0 [pid 6189] chdir("./386") = 0 [pid 6189] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6189] setpgid(0, 0) = 0 [pid 6189] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6189] write(3, "1000", 4) = 4 [pid 6189] close(3) = 0 [pid 6189] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6189] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6189] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6189] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6190]}, 88) = 6190 [pid 6189] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6189] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6189] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6190 attached [pid 6190] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6190] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6190] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6190] memfd_create("syzkaller", 0) = 3 [pid 6190] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6190] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6190] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6190] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6190] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6190] close(3) = 0 [pid 6190] mkdir("./file0", 0777) = 0 [pid 6190] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6190] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6190] chdir("./file0") = 0 [pid 6190] ioctl(4, LOOP_CLR_FD) = 0 [pid 6190] close(4) = 0 [pid 6190] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6190] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = 0 [pid 6190] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6189] <... futex resumed>) = 1 [pid 6189] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] <... open resumed>) = 4 [pid 6190] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] <... futex resumed>) = 1 [pid 6189] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6190] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6190] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... futex resumed>) = 1 [pid 6189] <... futex resumed>) = 0 [pid 6190] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6189] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6190] <... mmap resumed>) = 0x20000000 [pid 6189] <... futex resumed>) = 0 [pid 6189] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6189] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6190] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6190] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] <... mprotect resumed>) = 0 [pid 6189] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6189] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6191 attached [pid 6191] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6189] <... clone3 resumed> => {parent_tid=[6191]}, 88) = 6191 [pid 6191] <... rseq resumed>) = 0 [pid 6191] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6189] rt_sigprocmask(SIG_SETMASK, [], [pid 6191] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6191] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6189] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6189] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6191] <... futex resumed>) = 0 [pid 6189] <... futex resumed>) = 1 [pid 6189] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6191] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6189] <... futex resumed>) = ? [pid 6190] <... futex resumed>) = ? [pid 6191] +++ killed by SIGBUS +++ [pid 6190] +++ killed by SIGBUS +++ [pid 6189] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6189, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./386", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./386/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./386/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./386/binderfs") = 0 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./386/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./386/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./386/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./386/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 116.224022][ T6190] loop0: detected capacity change from 0 to 2048 [ 116.235231][ T6190] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./386") = 0 mkdir("./387", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6192 ./strace-static-x86_64: Process 6192 attached [pid 6192] set_robust_list(0x5555562186a0, 24) = 0 [pid 6192] chdir("./387") = 0 [pid 6192] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6192] setpgid(0, 0) = 0 [pid 6192] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6192] write(3, "1000", 4) = 4 [pid 6192] close(3) = 0 [pid 6192] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6192] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6192] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6192] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6193 attached => {parent_tid=[6193]}, 88) = 6193 [pid 6192] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6192] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6192] <... futex resumed>) = 0 [pid 6193] <... rseq resumed>) = 0 [pid 6193] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6192] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6193] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6193] memfd_create("syzkaller", 0) = 3 [pid 6193] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6193] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6193] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6193] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6193] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6193] close(3) = 0 [pid 6193] mkdir("./file0", 0777) = 0 [pid 6193] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6193] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6193] chdir("./file0") = 0 [pid 6193] ioctl(4, LOOP_CLR_FD) = 0 [pid 6193] close(4) = 0 [pid 6193] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6192] <... futex resumed>) = 0 [pid 6193] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6192] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6192] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... open resumed>) = 4 [pid 6193] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6193] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 0 [pid 6192] <... futex resumed>) = 1 [pid 6193] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6192] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6193] <... open resumed>) = 5 [pid 6193] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6193] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] <... futex resumed>) = 0 [pid 6192] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] <... futex resumed>) = 0 [pid 6192] <... futex resumed>) = 1 [pid 6192] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6193] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6192] <... futex resumed>) = 0 [pid 6192] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6193] <... mmap resumed>) = 0x20000000 [pid 6192] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6193] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6193] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6192] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6192] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6192] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6194 attached => {parent_tid=[6194]}, 88) = 6194 [pid 6194] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6192] rt_sigprocmask(SIG_SETMASK, [], [pid 6194] <... rseq resumed>) = 0 [pid 6192] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6194] set_robust_list(0x7f3dc0d559a0, 24 [pid 6192] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6194] <... set_robust_list resumed>) = 0 [pid 6192] <... futex resumed>) = 0 [pid 6194] rt_sigprocmask(SIG_SETMASK, [], [pid 6192] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6194] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6194] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6192] <... futex resumed>) = ? [pid 6193] <... futex resumed>) = ? [pid 6193] +++ killed by SIGBUS +++ [pid 6194] +++ killed by SIGBUS +++ [pid 6192] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6192, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./387", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./387/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./387/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./387/binderfs") = 0 [ 116.332166][ T6193] loop0: detected capacity change from 0 to 2048 [ 116.344439][ T6193] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./387/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./387/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./387/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./387/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./387") = 0 mkdir("./388", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6195 ./strace-static-x86_64: Process 6195 attached [pid 6195] set_robust_list(0x5555562186a0, 24) = 0 [pid 6195] chdir("./388") = 0 [pid 6195] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6195] setpgid(0, 0) = 0 [pid 6195] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6195] write(3, "1000", 4) = 4 [pid 6195] close(3) = 0 [pid 6195] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6195] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6195] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6195] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6196]}, 88) = 6196 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6195] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6196 attached [pid 6196] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6196] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6196] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6196] memfd_create("syzkaller", 0) = 3 [pid 6196] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6196] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6196] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6196] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6196] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6196] close(3) = 0 [pid 6196] mkdir("./file0", 0777) = 0 [pid 6196] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6196] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6196] chdir("./file0") = 0 [pid 6196] ioctl(4, LOOP_CLR_FD) = 0 [pid 6196] close(4) = 0 [pid 6196] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6195] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] <... open resumed>) = 4 [pid 6196] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6196] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6196] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6196] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6196] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6196] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6195] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6195] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6195] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6195] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6195] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6196] <... mmap resumed>) = 0x20000000 ./strace-static-x86_64: Process 6197 attached [pid 6196] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6195] <... clone3 resumed> => {parent_tid=[6197]}, 88) = 6197 [pid 6197] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6196] <... futex resumed>) = 0 [pid 6195] rt_sigprocmask(SIG_SETMASK, [], [pid 6197] <... rseq resumed>) = 0 [pid 6196] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6195] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6197] set_robust_list(0x7f3dc0d559a0, 24 [pid 6195] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6197] <... set_robust_list resumed>) = 0 [pid 6195] <... futex resumed>) = 0 [pid 6195] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6197] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6197] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6196] <... futex resumed>) = ? [pid 6195] <... futex resumed>) = ? [pid 6197] +++ killed by SIGBUS +++ [pid 6196] +++ killed by SIGBUS +++ [pid 6195] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6195, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./388", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./388/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./388/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./388/binderfs") = 0 [ 116.443194][ T6196] loop0: detected capacity change from 0 to 2048 [ 116.456180][ T6196] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./388/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./388/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./388/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./388/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./388") = 0 mkdir("./389", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6198 attached , child_tidptr=0x555556218690) = 6198 [pid 6198] set_robust_list(0x5555562186a0, 24) = 0 [pid 6198] chdir("./389") = 0 [pid 6198] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6198] setpgid(0, 0) = 0 [pid 6198] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6198] write(3, "1000", 4) = 4 [pid 6198] close(3) = 0 [pid 6198] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6198] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6198] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6198] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6199]}, 88) = 6199 [pid 6198] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6198] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6198] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6199 attached [pid 6199] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6199] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6199] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6199] memfd_create("syzkaller", 0) = 3 [pid 6199] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6199] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6199] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6199] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6199] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6199] close(3) = 0 [pid 6199] mkdir("./file0", 0777) = 0 [pid 6199] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6199] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6199] chdir("./file0") = 0 [pid 6199] ioctl(4, LOOP_CLR_FD) = 0 [pid 6199] close(4) = 0 [pid 6199] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6199] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = 0 [pid 6198] <... futex resumed>) = 1 [pid 6199] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6198] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... open resumed>) = 4 [pid 6199] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6199] <... open resumed>) = 5 [pid 6199] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6198] <... futex resumed>) = 0 [pid 6199] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6198] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] <... futex resumed>) = 0 [pid 6198] <... futex resumed>) = 1 [pid 6198] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6199] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6198] <... futex resumed>) = 0 [pid 6198] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6198] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6199] <... mmap resumed>) = 0x20000000 [pid 6198] <... mprotect resumed>) = 0 [pid 6198] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6198] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6200 attached [pid 6200] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6200] set_robust_list(0x7f3dc0d559a0, 24 [pid 6198] <... clone3 resumed> => {parent_tid=[6200]}, 88) = 6200 [pid 6200] <... set_robust_list resumed>) = 0 [pid 6198] rt_sigprocmask(SIG_SETMASK, [], [pid 6200] rt_sigprocmask(SIG_SETMASK, [], [pid 6198] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6200] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6198] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6200] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6198] <... futex resumed>) = 0 [pid 6198] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6200] +++ killed by SIGBUS +++ [pid 6199] +++ killed by SIGBUS +++ [pid 6198] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6198, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./389", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./389/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./389/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./389/binderfs") = 0 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./389/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./389/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./389/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./389/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./389") = 0 mkdir("./390", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6201 ./strace-static-x86_64: Process 6201 attached [pid 6201] set_robust_list(0x5555562186a0, 24) = 0 [ 116.566543][ T6199] loop0: detected capacity change from 0 to 2048 [ 116.587796][ T6199] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6201] chdir("./390") = 0 [pid 6201] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6201] setpgid(0, 0) = 0 [pid 6201] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6201] write(3, "1000", 4) = 4 [pid 6201] close(3) = 0 [pid 6201] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6201] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6201] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6201] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6201] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6202 attached => {parent_tid=[6202]}, 88) = 6202 [pid 6201] rt_sigprocmask(SIG_SETMASK, [], [pid 6202] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6201] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6202] <... rseq resumed>) = 0 [pid 6201] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] set_robust_list(0x7f3dc90769a0, 24 [pid 6201] <... futex resumed>) = 0 [pid 6202] <... set_robust_list resumed>) = 0 [pid 6202] rt_sigprocmask(SIG_SETMASK, [], [pid 6201] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6202] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6202] memfd_create("syzkaller", 0) = 3 [pid 6202] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6202] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6202] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6202] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6202] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6202] close(3) = 0 [pid 6202] mkdir("./file0", 0777) = 0 [pid 6202] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6202] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6202] chdir("./file0") = 0 [pid 6202] ioctl(4, LOOP_CLR_FD) = 0 [pid 6202] close(4) = 0 [pid 6202] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6201] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... futex resumed>) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6202] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6201] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] <... open resumed>) = 4 [pid 6202] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... futex resumed>) = 0 [pid 6201] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6202] <... futex resumed>) = 1 [pid 6201] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6202] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6202] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6201] <... futex resumed>) = 0 [pid 6202] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6202] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6201] <... futex resumed>) = 0 [pid 6202] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6202] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6201] <... mprotect resumed>) = 0 [pid 6202] <... futex resumed>) = 0 [pid 6202] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6201] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6201] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6203]}, 88) = 6203 [pid 6201] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6201] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6201] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6203 attached [pid 6203] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6203] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6203] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6203] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6202] <... futex resumed>) = ? [pid 6202] +++ killed by SIGBUS +++ [pid 6201] <... futex resumed>) = ? [pid 6203] +++ killed by SIGBUS +++ [pid 6201] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6201, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./390", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./390/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./390/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./390/binderfs") = 0 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./390/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./390/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./390/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./390/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./390") = 0 mkdir("./391", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6204 attached , child_tidptr=0x555556218690) = 6204 [pid 6204] set_robust_list(0x5555562186a0, 24) = 0 [pid 6204] chdir("./391") = 0 [pid 6204] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6204] setpgid(0, 0) = 0 [pid 6204] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6204] write(3, "1000", 4) = 4 [pid 6204] close(3) = 0 [pid 6204] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6204] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6204] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [ 116.686760][ T6202] loop0: detected capacity change from 0 to 2048 [ 116.697861][ T6202] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6204] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6204] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6205 attached [pid 6205] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6204] <... clone3 resumed> => {parent_tid=[6205]}, 88) = 6205 [pid 6205] <... rseq resumed>) = 0 [pid 6205] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6205] rt_sigprocmask(SIG_SETMASK, [], [pid 6204] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6204] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6204] <... futex resumed>) = 0 [pid 6205] memfd_create("syzkaller", 0 [pid 6204] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6205] <... memfd_create resumed>) = 3 [pid 6205] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6205] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6205] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6205] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6205] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6205] close(3) = 0 [pid 6205] mkdir("./file0", 0777) = 0 [pid 6205] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6205] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6205] chdir("./file0") = 0 [pid 6205] ioctl(4, LOOP_CLR_FD) = 0 [pid 6205] close(4) = 0 [pid 6205] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6205] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] <... futex resumed>) = 0 [pid 6204] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = 1 [pid 6205] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6204] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6205] <... open resumed>) = 4 [pid 6205] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6204] <... futex resumed>) = 0 [pid 6205] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6204] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... open resumed>) = 5 [pid 6204] <... futex resumed>) = 0 [pid 6205] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6205] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6204] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6205] <... futex resumed>) = 0 [pid 6204] <... futex resumed>) = 1 [pid 6205] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6205] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6204] <... futex resumed>) = 0 [pid 6204] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6205] <... futex resumed>) = 0 [pid 6205] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6204] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6204] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6204] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6204] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6206 attached => {parent_tid=[6206]}, 88) = 6206 [pid 6206] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6204] rt_sigprocmask(SIG_SETMASK, [], [pid 6206] <... rseq resumed>) = 0 [pid 6204] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6206] set_robust_list(0x7f3dc0d559a0, 24 [pid 6204] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6206] <... set_robust_list resumed>) = 0 [pid 6204] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6206] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6206] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6204] <... futex resumed>) = ? [pid 6205] <... futex resumed>) = ? [pid 6206] +++ killed by SIGBUS +++ [pid 6205] +++ killed by SIGBUS +++ [pid 6204] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6204, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./391", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./391/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./391/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./391/binderfs") = 0 [ 116.785728][ T6205] loop0: detected capacity change from 0 to 2048 [ 116.798175][ T6205] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./391/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./391/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./391/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./391/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./391") = 0 mkdir("./392", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6207 attached , child_tidptr=0x555556218690) = 6207 [pid 6207] set_robust_list(0x5555562186a0, 24) = 0 [pid 6207] chdir("./392") = 0 [pid 6207] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6207] setpgid(0, 0) = 0 [pid 6207] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6207] write(3, "1000", 4) = 4 [pid 6207] close(3) = 0 [pid 6207] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6207] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6207] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6207] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6208]}, 88) = 6208 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6207] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6208 attached [pid 6208] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6208] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6208] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6208] memfd_create("syzkaller", 0) = 3 [pid 6208] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6208] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6208] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6208] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6208] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6208] close(3) = 0 [pid 6208] mkdir("./file0", 0777) = 0 [pid 6208] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6208] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6208] chdir("./file0") = 0 [pid 6208] ioctl(4, LOOP_CLR_FD) = 0 [pid 6208] close(4) = 0 [pid 6208] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6208] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6208] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6207] <... futex resumed>) = 0 [pid 6208] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6208] <... futex resumed>) = 0 [pid 6207] <... futex resumed>) = 1 [pid 6207] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6207] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6208] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6207] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6207] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6208] <... mmap resumed>) = 0x20000000 [pid 6207] <... mprotect resumed>) = 0 [pid 6207] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6207] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6209 attached [pid 6209] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6207] <... clone3 resumed> => {parent_tid=[6209]}, 88) = 6209 [pid 6209] set_robust_list(0x7f3dc0d559a0, 24 [pid 6207] rt_sigprocmask(SIG_SETMASK, [], [pid 6209] <... set_robust_list resumed>) = 0 [pid 6208] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] rt_sigprocmask(SIG_SETMASK, [], [pid 6208] <... futex resumed>) = 0 [pid 6207] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6209] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6208] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6207] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6209] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6207] <... futex resumed>) = 0 [pid 6207] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6208] <... futex resumed>) = ? [pid 6207] <... futex resumed>) = ? [pid 6208] +++ killed by SIGBUS +++ [pid 6209] +++ killed by SIGBUS +++ [pid 6207] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6207, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./392", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./392/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 116.898240][ T6208] loop0: detected capacity change from 0 to 2048 [ 116.912142][ T6208] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./392/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./392/binderfs") = 0 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./392/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./392/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./392/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./392/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./392") = 0 mkdir("./393", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6210 attached , child_tidptr=0x555556218690) = 6210 [pid 6210] set_robust_list(0x5555562186a0, 24) = 0 [pid 6210] chdir("./393") = 0 [pid 6210] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6210] setpgid(0, 0) = 0 [pid 6210] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6210] write(3, "1000", 4) = 4 [pid 6210] close(3) = 0 [pid 6210] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6210] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6210] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6210] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6211 attached => {parent_tid=[6211]}, 88) = 6211 [pid 6211] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6210] rt_sigprocmask(SIG_SETMASK, [], [pid 6211] set_robust_list(0x7f3dc90769a0, 24 [pid 6210] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6211] <... set_robust_list resumed>) = 0 [pid 6210] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6210] <... futex resumed>) = 0 [pid 6211] memfd_create("syzkaller", 0 [pid 6210] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6211] <... memfd_create resumed>) = 3 [pid 6211] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6211] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6211] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6211] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6211] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6211] close(3) = 0 [pid 6211] mkdir("./file0", 0777) = 0 [pid 6211] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6211] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6211] chdir("./file0") = 0 [pid 6211] ioctl(4, LOOP_CLR_FD) = 0 [pid 6211] close(4) = 0 [pid 6211] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 1 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6211] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6211] <... futex resumed>) = 1 [pid 6211] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6210] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... open resumed>) = 5 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6211] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6210] <... futex resumed>) = 0 [pid 6210] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... futex resumed>) = 1 [pid 6210] <... futex resumed>) = 0 [pid 6211] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6210] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6211] <... mmap resumed>) = 0x20000000 [pid 6210] <... futex resumed>) = 0 [pid 6210] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6211] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6211] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6210] <... mprotect resumed>) = 0 [pid 6210] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6210] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6212 attached => {parent_tid=[6212]}, 88) = 6212 [pid 6210] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6210] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6210] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6212] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6212] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6212] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6212] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6211] <... futex resumed>) = ? [pid 6211] +++ killed by SIGBUS +++ [pid 6210] <... futex resumed>) = ? [pid 6212] +++ killed by SIGBUS +++ [pid 6210] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6210, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./393", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./393/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./393/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./393/binderfs") = 0 [ 117.007207][ T6211] loop0: detected capacity change from 0 to 2048 [ 117.018930][ T6211] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./393/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./393/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./393/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./393/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./393") = 0 mkdir("./394", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6213 ./strace-static-x86_64: Process 6213 attached [pid 6213] set_robust_list(0x5555562186a0, 24) = 0 [pid 6213] chdir("./394") = 0 [pid 6213] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6213] setpgid(0, 0) = 0 [pid 6213] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6213] write(3, "1000", 4) = 4 [pid 6213] close(3) = 0 [pid 6213] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6213] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6213] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6213] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6213] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6213] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6214 attached => {parent_tid=[6214]}, 88) = 6214 [pid 6214] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6213] rt_sigprocmask(SIG_SETMASK, [], [pid 6214] set_robust_list(0x7f3dc90769a0, 24 [pid 6213] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6214] <... set_robust_list resumed>) = 0 [pid 6213] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] rt_sigprocmask(SIG_SETMASK, [], [pid 6213] <... futex resumed>) = 0 [pid 6214] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6213] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6214] memfd_create("syzkaller", 0) = 3 [pid 6214] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6214] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6214] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6214] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6214] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6214] close(3) = 0 [pid 6214] mkdir("./file0", 0777) = 0 [pid 6214] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6214] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6214] chdir("./file0") = 0 [pid 6214] ioctl(4, LOOP_CLR_FD) = 0 [pid 6214] close(4) = 0 [pid 6214] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] <... futex resumed>) = 0 [pid 6214] <... futex resumed>) = 1 [pid 6213] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6213] <... futex resumed>) = 0 [pid 6213] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] <... open resumed>) = 4 [pid 6214] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] <... futex resumed>) = 0 [pid 6214] <... futex resumed>) = 1 [pid 6213] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6214] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6213] <... futex resumed>) = 0 [pid 6214] <... open resumed>) = 5 [pid 6213] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6214] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6213] <... futex resumed>) = 0 [pid 6213] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6214] <... futex resumed>) = 1 [pid 6213] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6214] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6214] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] <... clone3 resumed> => {parent_tid=[6215]}, 88) = 6215 [pid 6214] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6213] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6213] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6213] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6215 attached [pid 6215] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6215] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6215] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6215] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6215] +++ killed by SIGBUS +++ [pid 6213] <... futex resumed>) = ? [pid 6214] <... futex resumed>) = ? [pid 6214] +++ killed by SIGBUS +++ [pid 6213] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6213, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./394", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./394/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./394/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./394/binderfs") = 0 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./394/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./394/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./394/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 117.120857][ T6214] loop0: detected capacity change from 0 to 2048 [ 117.134692][ T6214] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./394/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./394") = 0 mkdir("./395", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6216 attached , child_tidptr=0x555556218690) = 6216 [pid 6216] set_robust_list(0x5555562186a0, 24) = 0 [pid 6216] chdir("./395") = 0 [pid 6216] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6216] setpgid(0, 0) = 0 [pid 6216] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6216] write(3, "1000", 4) = 4 [pid 6216] close(3) = 0 [pid 6216] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6216] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6216] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6216] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6217 attached => {parent_tid=[6217]}, 88) = 6217 [pid 6217] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6216] rt_sigprocmask(SIG_SETMASK, [], [pid 6217] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6217] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6216] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6217] memfd_create("syzkaller", 0 [pid 6216] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6217] <... memfd_create resumed>) = 3 [pid 6217] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6217] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6217] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6217] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6217] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6217] close(3) = 0 [pid 6217] mkdir("./file0", 0777) = 0 [ 117.215897][ T6217] __do_sys_memfd_create: 33 callbacks suppressed [ 117.215914][ T6217] syz-executor183[6217]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 117.247098][ T6217] loop0: detected capacity change from 0 to 2048 [pid 6217] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6217] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6217] chdir("./file0") = 0 [pid 6217] ioctl(4, LOOP_CLR_FD) = 0 [pid 6217] close(4) = 0 [pid 6217] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... futex resumed>) = 0 [pid 6217] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6217] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6217] <... futex resumed>) = 0 [pid 6217] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6217] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6216] <... futex resumed>) = 0 [pid 6217] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6216] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6217] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6217] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6216] <... futex resumed>) = 0 [pid 6216] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6216] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6216] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6217] <... mmap resumed>) = 0x20000000 [pid 6216] <... mprotect resumed>) = 0 [pid 6216] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6216] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6218 attached => {parent_tid=[6218]}, 88) = 6218 [pid 6218] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6216] rt_sigprocmask(SIG_SETMASK, [], [pid 6218] set_robust_list(0x7f3dc0d559a0, 24 [pid 6216] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6218] <... set_robust_list resumed>) = 0 [pid 6216] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6218] rt_sigprocmask(SIG_SETMASK, [], [pid 6216] <... futex resumed>) = 0 [pid 6218] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6216] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6218] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6216] <... futex resumed>) = ? [pid 6218] +++ killed by SIGBUS +++ [pid 6217] +++ killed by SIGBUS +++ [pid 6216] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6216, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./395", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./395/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./395/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./395/binderfs") = 0 [ 117.258796][ T6217] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./395/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./395/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./395/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./395/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./395") = 0 mkdir("./396", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6219 ./strace-static-x86_64: Process 6219 attached [pid 6219] set_robust_list(0x5555562186a0, 24) = 0 [pid 6219] chdir("./396") = 0 [pid 6219] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6219] setpgid(0, 0) = 0 [pid 6219] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6219] write(3, "1000", 4) = 4 [pid 6219] close(3) = 0 [pid 6219] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6219] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6219] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6219] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6219] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6220 attached => {parent_tid=[6220]}, 88) = 6220 [pid 6220] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6220] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6220] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6220] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6219] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] <... futex resumed>) = 0 [pid 6219] <... futex resumed>) = 1 [pid 6220] memfd_create("syzkaller", 0 [pid 6219] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6220] <... memfd_create resumed>) = 3 [pid 6220] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6220] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6220] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6220] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6220] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6220] close(3) = 0 [pid 6220] mkdir("./file0", 0777) = 0 [pid 6220] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6220] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6220] chdir("./file0") = 0 [pid 6220] ioctl(4, LOOP_CLR_FD) = 0 [pid 6220] close(4) = 0 [pid 6220] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... futex resumed>) = 1 [pid 6220] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6220] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6219] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6220] <... futex resumed>) = 1 [pid 6220] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6220] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6219] <... futex resumed>) = 0 [pid 6220] <... futex resumed>) = 1 [pid 6219] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6220] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6219] <... futex resumed>) = 0 [pid 6220] <... mmap resumed>) = 0x20000000 [pid 6219] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6219] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6220] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6220] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6219] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6219] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6221 attached => {parent_tid=[6221]}, 88) = 6221 [pid 6219] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6219] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6219] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6221] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6221] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6221] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6221] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6220] <... futex resumed>) = ? [pid 6219] <... futex resumed>) = ? [pid 6221] +++ killed by SIGBUS +++ [pid 6220] +++ killed by SIGBUS +++ [pid 6219] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6219, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./396", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 117.354394][ T6220] syz-executor183[6220]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 117.377692][ T6220] loop0: detected capacity change from 0 to 2048 [ 117.388708][ T6220] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./396/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./396/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./396/binderfs") = 0 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./396/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./396/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./396/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./396/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./396") = 0 mkdir("./397", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6222 ./strace-static-x86_64: Process 6222 attached [pid 6222] set_robust_list(0x5555562186a0, 24) = 0 [pid 6222] chdir("./397") = 0 [pid 6222] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6222] setpgid(0, 0) = 0 [pid 6222] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6222] write(3, "1000", 4) = 4 [pid 6222] close(3) = 0 [pid 6222] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6222] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6222] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6222] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6223 attached => {parent_tid=[6223]}, 88) = 6223 [pid 6223] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6222] rt_sigprocmask(SIG_SETMASK, [], [pid 6223] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6223] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6223] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6223] <... futex resumed>) = 0 [pid 6222] <... futex resumed>) = 1 [pid 6223] memfd_create("syzkaller", 0 [pid 6222] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6223] <... memfd_create resumed>) = 3 [pid 6223] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6223] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6223] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6223] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6223] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6223] close(3) = 0 [pid 6223] mkdir("./file0", 0777) = 0 [pid 6223] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6223] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6223] chdir("./file0") = 0 [pid 6223] ioctl(4, LOOP_CLR_FD) = 0 [pid 6223] close(4) = 0 [pid 6223] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6223] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6223] <... futex resumed>) = 0 [pid 6223] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6222] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] <... open resumed>) = 4 [pid 6223] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6223] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6223] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6222] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6224 attached [pid 6224] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6222] <... clone3 resumed> => {parent_tid=[6224]}, 88) = 6224 [pid 6224] <... rseq resumed>) = 0 [pid 6222] rt_sigprocmask(SIG_SETMASK, [], [pid 6224] set_robust_list(0x7f3dc0d559a0, 24 [pid 6222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6224] <... set_robust_list resumed>) = 0 [pid 6222] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6224] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6222] <... futex resumed>) = 0 [pid 6224] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6222] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6224] <... open resumed>) = 6 [pid 6223] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6224] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6222] <... futex resumed>) = 0 [pid 6222] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6224] <... futex resumed>) = 1 [ 117.482256][ T6223] syz-executor183[6223]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 117.504449][ T6223] loop0: detected capacity change from 0 to 2048 [ 117.516043][ T6223] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6224] write(6, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6222] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6222] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6222] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6222] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6222] futex(0x7f3dc91426ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6222] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d14000 [pid 6222] mprotect(0x7f3dc0d15000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6222] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6222] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d34990, parent_tid=0x7f3dc0d34990, exit_signal=0, stack=0x7f3dc0d14000, stack_size=0x20300, tls=0x7f3dc0d346c0}./strace-static-x86_64: Process 6225 attached => {parent_tid=[6225]}, 88) = 6225 [pid 6225] rseq(0x7f3dc0d34fe0, 0x20, 0, 0x53053053 [pid 6222] rt_sigprocmask(SIG_SETMASK, [], [pid 6225] <... rseq resumed>) = 0 [pid 6222] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6225] set_robust_list(0x7f3dc0d349a0, 24 [pid 6222] futex(0x7f3dc91426e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6225] <... set_robust_list resumed>) = 0 [pid 6222] <... futex resumed>) = 0 [pid 6225] rt_sigprocmask(SIG_SETMASK, [], [pid 6222] futex(0x7f3dc91426ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6225] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6225] ftruncate(4, 2 [pid 6222] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6223] <... mmap resumed>) = 0x20000000 [pid 6223] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6223] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6225] <... ftruncate resumed>) = 0 [pid 6225] futex(0x7f3dc91426ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6225] futex(0x7f3dc91426e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6224] <... write resumed>) = 348160 [pid 6224] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6224] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6222] exit_group(0 [pid 6225] <... futex resumed>) = ? [pid 6225] +++ exited with 0 +++ [pid 6224] <... futex resumed>) = ? [pid 6223] <... futex resumed>) = ? [pid 6222] <... exit_group resumed>) = ? [pid 6224] +++ exited with 0 +++ [pid 6223] +++ exited with 0 +++ [pid 6222] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6222, si_uid=0, si_status=0, si_utime=0, si_stime=12 /* 0.12 s */} --- umount2("./397", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./397/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./397/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./397/binderfs") = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./397/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./397/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./397/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./397/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./397") = 0 mkdir("./398", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6226 ./strace-static-x86_64: Process 6226 attached [pid 6226] set_robust_list(0x5555562186a0, 24) = 0 [pid 6226] chdir("./398") = 0 [pid 6226] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6226] setpgid(0, 0) = 0 [pid 6226] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6226] write(3, "1000", 4) = 4 [pid 6226] close(3) = 0 [pid 6226] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6226] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6226] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6226] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6227 attached => {parent_tid=[6227]}, 88) = 6227 [pid 6227] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6226] rt_sigprocmask(SIG_SETMASK, [], [pid 6227] <... rseq resumed>) = 0 [pid 6226] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6227] set_robust_list(0x7f3dc90769a0, 24 [pid 6226] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] <... set_robust_list resumed>) = 0 [pid 6227] rt_sigprocmask(SIG_SETMASK, [], [pid 6226] <... futex resumed>) = 0 [pid 6227] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6226] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6227] memfd_create("syzkaller", 0) = 3 [pid 6227] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6227] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6227] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6227] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6227] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6227] close(3) = 0 [pid 6227] mkdir("./file0", 0777) = 0 [pid 6227] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6227] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6227] chdir("./file0") = 0 [pid 6227] ioctl(4, LOOP_CLR_FD) = 0 [pid 6227] close(4) = 0 [pid 6227] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = 0 [pid 6227] <... futex resumed>) = 1 [pid 6226] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6226] <... futex resumed>) = 0 [pid 6226] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6227] <... open resumed>) = 4 [pid 6227] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = 0 [pid 6226] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6227] <... futex resumed>) = 1 [pid 6227] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6227] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6226] <... futex resumed>) = 0 [pid 6226] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6227] <... futex resumed>) = 1 [pid 6227] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6226] <... futex resumed>) = 0 [pid 6227] <... mmap resumed>) = 0x20000000 [pid 6226] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6226] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6226] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6227] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6227] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6226] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6226] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6228]}, 88) = 6228 [pid 6226] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6226] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6228 attached [pid 6226] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6228] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6228] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6228] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6228] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6227] <... futex resumed>) = ? [pid 6226] <... futex resumed>) = ? [pid 6227] +++ killed by SIGBUS +++ [pid 6228] +++ killed by SIGBUS +++ [pid 6226] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6226, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./398", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./398/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./398/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./398/binderfs") = 0 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./398/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./398/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./398/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 117.731145][ T6227] syz-executor183[6227]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 117.757320][ T6227] loop0: detected capacity change from 0 to 2048 [ 117.769307][ T6227] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./398/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./398") = 0 mkdir("./399", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6229 ./strace-static-x86_64: Process 6229 attached [pid 6229] set_robust_list(0x5555562186a0, 24) = 0 [pid 6229] chdir("./399") = 0 [pid 6229] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6229] setpgid(0, 0) = 0 [pid 6229] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6229] write(3, "1000", 4) = 4 [pid 6229] close(3) = 0 [pid 6229] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6229] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6229] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6229] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6229] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6230 attached => {parent_tid=[6230]}, 88) = 6230 [pid 6230] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], [pid 6230] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6229] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6230] rt_sigprocmask(SIG_SETMASK, [], [pid 6229] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6229] <... futex resumed>) = 0 [pid 6230] memfd_create("syzkaller", 0 [pid 6229] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6230] <... memfd_create resumed>) = 3 [pid 6230] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6230] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6230] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6230] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6230] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6230] close(3) = 0 [pid 6230] mkdir("./file0", 0777) = 0 [pid 6230] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6230] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6230] chdir("./file0") = 0 [pid 6230] ioctl(4, LOOP_CLR_FD) = 0 [pid 6230] close(4) = 0 [pid 6230] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6230] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6229] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6230] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6229] <... futex resumed>) = 0 [pid 6230] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6229] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] <... open resumed>) = 4 [pid 6230] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6229] <... futex resumed>) = 0 [pid 6229] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6230] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6229] <... futex resumed>) = 0 [pid 6229] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6229] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6229] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6230] <... futex resumed>) = 1 [pid 6229] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6230] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6229] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6231 attached [pid 6230] <... mmap resumed>) = 0x20000000 [pid 6229] <... clone3 resumed> => {parent_tid=[6231]}, 88) = 6231 [pid 6229] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6229] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6229] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6230] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6230] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6231] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6231] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6231] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6231] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6230] <... futex resumed>) = ? [pid 6230] +++ killed by SIGBUS +++ [pid 6229] <... futex resumed>) = ? [ 117.842115][ T6230] syz-executor183[6230]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 117.869087][ T6230] loop0: detected capacity change from 0 to 2048 [ 117.880790][ T6230] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6231] +++ killed by SIGBUS +++ [pid 6229] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6229, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./399", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./399/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./399/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./399/binderfs") = 0 umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./399/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./399/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./399/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./399/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./399") = 0 mkdir("./400", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6232 attached , child_tidptr=0x555556218690) = 6232 [pid 6232] set_robust_list(0x5555562186a0, 24) = 0 [pid 6232] chdir("./400") = 0 [pid 6232] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6232] setpgid(0, 0) = 0 [pid 6232] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6232] write(3, "1000", 4) = 4 [pid 6232] close(3) = 0 [pid 6232] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6232] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6232] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6232] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6233 attached => {parent_tid=[6233]}, 88) = 6233 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6232] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6233] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6233] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6233] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6233] memfd_create("syzkaller", 0) = 3 [pid 6233] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6233] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6233] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6233] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6233] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6233] close(3) = 0 [pid 6233] mkdir("./file0", 0777) = 0 [pid 6233] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6233] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6233] chdir("./file0") = 0 [pid 6233] ioctl(4, LOOP_CLR_FD) = 0 [pid 6233] close(4) = 0 [pid 6233] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] <... futex resumed>) = 1 [pid 6232] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6233] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6233] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] <... futex resumed>) = 0 [pid 6232] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = 0 [pid 6232] <... futex resumed>) = 1 [pid 6233] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6232] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6233] <... open resumed>) = 5 [pid 6233] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6232] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] <... futex resumed>) = 0 [pid 6233] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6233] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6232] <... futex resumed>) = 0 [pid 6233] <... mmap resumed>) = 0x20000000 [pid 6232] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6233] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6233] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6232] <... futex resumed>) = 0 [pid 6232] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6232] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6232] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6232] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6234]}, 88) = 6234 [pid 6232] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6232] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6232] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6234 attached [pid 6234] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6234] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6234] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6234] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6232] <... futex resumed>) = ? [pid 6233] <... futex resumed>) = ? [pid 6233] +++ killed by SIGBUS +++ [pid 6234] +++ killed by SIGBUS +++ [pid 6232] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6232, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./400", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./400/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./400/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./400/binderfs") = 0 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./400/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./400/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./400/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 [ 117.987074][ T6233] syz-executor183[6233]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 118.009149][ T6233] loop0: detected capacity change from 0 to 2048 [ 118.021614][ T6233] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(4) = 0 rmdir("./400/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./400") = 0 mkdir("./401", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6235 attached , child_tidptr=0x555556218690) = 6235 [pid 6235] set_robust_list(0x5555562186a0, 24) = 0 [pid 6235] chdir("./401") = 0 [pid 6235] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6235] setpgid(0, 0) = 0 [pid 6235] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6235] write(3, "1000", 4) = 4 [pid 6235] close(3) = 0 [pid 6235] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6235] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6235] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6235] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6236 attached => {parent_tid=[6236]}, 88) = 6236 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6235] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6236] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6236] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6236] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6236] memfd_create("syzkaller", 0) = 3 [pid 6236] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6236] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6236] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6236] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6236] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6236] close(3) = 0 [pid 6236] mkdir("./file0", 0777) = 0 [pid 6236] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6236] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6236] chdir("./file0") = 0 [pid 6236] ioctl(4, LOOP_CLR_FD) = 0 [pid 6236] close(4) = 0 [pid 6236] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6235] <... futex resumed>) = 0 [pid 6236] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6235] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6235] <... futex resumed>) = 0 [pid 6236] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6235] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6236] <... open resumed>) = 4 [pid 6236] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6236] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6235] <... futex resumed>) = 0 [pid 6235] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = 0 [pid 6235] <... futex resumed>) = 1 [pid 6236] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6235] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6236] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6236] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6235] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6235] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... futex resumed>) = 0 [pid 6235] <... futex resumed>) = 1 [pid 6236] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6235] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6236] <... mmap resumed>) = 0x20000000 [pid 6235] <... futex resumed>) = 0 [pid 6236] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6235] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6236] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6235] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6235] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6235] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6235] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6237 attached => {parent_tid=[6237]}, 88) = 6237 [pid 6237] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6235] rt_sigprocmask(SIG_SETMASK, [], [pid 6237] <... rseq resumed>) = 0 [pid 6237] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6237] rt_sigprocmask(SIG_SETMASK, [], [pid 6235] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6235] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6237] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6235] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6237] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6236] <... futex resumed>) = ? [pid 6236] +++ killed by SIGBUS +++ [pid 6235] <... futex resumed>) = ? [pid 6237] +++ killed by SIGBUS +++ [pid 6235] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6235, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./401", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./401/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./401/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./401/binderfs") = 0 [ 118.108455][ T6236] syz-executor183[6236]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 118.131120][ T6236] loop0: detected capacity change from 0 to 2048 [ 118.142750][ T6236] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./401/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./401/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./401/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./401/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./401") = 0 mkdir("./402", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6238 attached , child_tidptr=0x555556218690) = 6238 [pid 6238] set_robust_list(0x5555562186a0, 24) = 0 [pid 6238] chdir("./402") = 0 [pid 6238] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6238] setpgid(0, 0) = 0 [pid 6238] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6238] write(3, "1000", 4) = 4 [pid 6238] close(3) = 0 [pid 6238] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6238] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6238] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6238] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6239 attached => {parent_tid=[6239]}, 88) = 6239 [pid 6239] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6238] rt_sigprocmask(SIG_SETMASK, [], [pid 6239] <... rseq resumed>) = 0 [pid 6238] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6239] set_robust_list(0x7f3dc90769a0, 24 [pid 6238] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... set_robust_list resumed>) = 0 [pid 6238] <... futex resumed>) = 0 [pid 6239] rt_sigprocmask(SIG_SETMASK, [], [pid 6238] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6239] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6239] memfd_create("syzkaller", 0) = 3 [pid 6239] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6239] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6239] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6239] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6239] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6239] close(3) = 0 [pid 6239] mkdir("./file0", 0777) = 0 [pid 6239] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6239] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6239] chdir("./file0") = 0 [pid 6239] ioctl(4, LOOP_CLR_FD) = 0 [pid 6239] close(4) = 0 [pid 6239] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6238] <... futex resumed>) = 0 [pid 6239] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6238] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6238] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6239] <... futex resumed>) = 0 [pid 6239] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6239] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6239] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6238] <... futex resumed>) = 0 [pid 6238] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... futex resumed>) = 0 [pid 6238] <... futex resumed>) = 1 [pid 6239] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6238] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6239] <... open resumed>) = 5 [pid 6239] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6238] <... futex resumed>) = 0 [pid 6238] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6239] <... futex resumed>) = 1 [pid 6238] <... futex resumed>) = 0 [pid 6239] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6238] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6239] <... mmap resumed>) = 0x20000000 [pid 6238] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6238] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6238] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6239] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6239] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6238] <... clone3 resumed> => {parent_tid=[6240]}, 88) = 6240 [pid 6238] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6238] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6238] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6240 attached [pid 6240] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6240] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6240] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6240] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6238] <... futex resumed>) = ? [pid 6239] <... futex resumed>) = ? [pid 6239] +++ killed by SIGBUS +++ [pid 6240] +++ killed by SIGBUS +++ [pid 6238] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6238, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./402", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./402/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./402/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./402/binderfs") = 0 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./402/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./402/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./402/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./402/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 118.237187][ T6239] syz-executor183[6239]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 118.260370][ T6239] loop0: detected capacity change from 0 to 2048 [ 118.272240][ T6239] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./402") = 0 mkdir("./403", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6241 attached , child_tidptr=0x555556218690) = 6241 [pid 6241] set_robust_list(0x5555562186a0, 24) = 0 [pid 6241] chdir("./403") = 0 [pid 6241] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6241] setpgid(0, 0) = 0 [pid 6241] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6241] write(3, "1000", 4) = 4 [pid 6241] close(3) = 0 [pid 6241] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6241] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6241] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6241] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6241] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6242]}, 88) = 6242 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6241] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6242 attached [pid 6242] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6242] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6242] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6242] memfd_create("syzkaller", 0) = 3 [pid 6242] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6242] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6242] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6242] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6242] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6242] close(3) = 0 [pid 6242] mkdir("./file0", 0777) = 0 [ 118.348436][ T6242] syz-executor183[6242]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 118.381100][ T6242] loop0: detected capacity change from 0 to 2048 [pid 6242] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6242] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6242] chdir("./file0") = 0 [pid 6242] ioctl(4, LOOP_CLR_FD) = 0 [pid 6242] close(4) = 0 [pid 6242] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... open resumed>) = 4 [pid 6242] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6241] <... futex resumed>) = 0 [pid 6241] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6242] <... open resumed>) = 5 [pid 6242] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6241] <... futex resumed>) = 0 [pid 6242] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6242] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6241] <... futex resumed>) = 0 [pid 6242] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6241] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6241] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6241] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6242] <... mmap resumed>) = 0x20000000 [pid 6241] <... mprotect resumed>) = 0 [pid 6242] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6241] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6242] <... futex resumed>) = 0 [pid 6241] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6242] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6241] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6243 attached => {parent_tid=[6243]}, 88) = 6243 [pid 6241] rt_sigprocmask(SIG_SETMASK, [], [pid 6243] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6241] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6243] <... rseq resumed>) = 0 [pid 6241] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6243] set_robust_list(0x7f3dc0d559a0, 24 [pid 6241] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6243] <... set_robust_list resumed>) = 0 [pid 6243] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6243] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6241] <... futex resumed>) = ? [pid 6243] +++ killed by SIGBUS +++ [pid 6242] <... futex resumed>) = ? [pid 6242] +++ killed by SIGBUS +++ [pid 6241] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6241, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./403", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./403/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./403/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./403/binderfs") = 0 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./403/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./403/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./403/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 118.396639][ T6242] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./403/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./403") = 0 mkdir("./404", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6244 attached , child_tidptr=0x555556218690) = 6244 [pid 6244] set_robust_list(0x5555562186a0, 24) = 0 [pid 6244] chdir("./404") = 0 [pid 6244] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6244] setpgid(0, 0) = 0 [pid 6244] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6244] write(3, "1000", 4) = 4 [pid 6244] close(3) = 0 [pid 6244] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6244] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6244] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6244] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6245 attached [pid 6245] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6245] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6245] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6245] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6244] <... clone3 resumed> => {parent_tid=[6245]}, 88) = 6245 [pid 6244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6244] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6245] <... futex resumed>) = 0 [pid 6244] <... futex resumed>) = 1 [pid 6244] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6245] memfd_create("syzkaller", 0) = 3 [pid 6245] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6245] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6245] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6245] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6245] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6245] close(3) = 0 [pid 6245] mkdir("./file0", 0777) = 0 [pid 6245] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6245] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6245] chdir("./file0") = 0 [pid 6245] ioctl(4, LOOP_CLR_FD) = 0 [pid 6245] close(4) = 0 [pid 6245] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6244] <... futex resumed>) = 0 [pid 6244] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6245] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6245] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6244] <... futex resumed>) = 0 [pid 6245] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6244] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6244] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6245] <... futex resumed>) = 0 [pid 6245] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6245] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6244] <... futex resumed>) = 0 [pid 6244] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6244] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6246]}, 88) = 6246 [pid 6245] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6244] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6246 attached [pid 6246] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6246] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6246] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6246] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6246] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6244] <... futex resumed>) = 0 [pid 6244] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6246] <... futex resumed>) = 1 [ 118.485172][ T6245] syz-executor183[6245]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 118.509456][ T6245] loop0: detected capacity change from 0 to 2048 [ 118.520762][ T6245] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6246] write(6, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6244] <... futex resumed>) = -1 ETIMEDOUT (Connection timed out) [pid 6244] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=0}) = -1 ETIMEDOUT (Connection timed out) [pid 6244] futex(0x7f3dc91426ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6244] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d14000 [pid 6244] mprotect(0x7f3dc0d15000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6244] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6244] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d34990, parent_tid=0x7f3dc0d34990, exit_signal=0, stack=0x7f3dc0d14000, stack_size=0x20300, tls=0x7f3dc0d346c0}./strace-static-x86_64: Process 6247 attached [pid 6247] rseq(0x7f3dc0d34fe0, 0x20, 0, 0x53053053) = 0 [pid 6247] set_robust_list(0x7f3dc0d349a0, 24) = 0 [pid 6247] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6247] futex(0x7f3dc91426e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6244] <... clone3 resumed> => {parent_tid=[6247]}, 88) = 6247 [pid 6244] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6244] futex(0x7f3dc91426e8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6247] <... futex resumed>) = 0 [pid 6244] <... futex resumed>) = 1 [pid 6247] ftruncate(4, 2 [pid 6244] futex(0x7f3dc91426ec, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [pid 6245] <... mmap resumed>) = 0x20000000 [pid 6245] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6245] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6247] <... ftruncate resumed>) = 0 [pid 6246] <... write resumed>) = 348160 [pid 6246] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6246] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6247] futex(0x7f3dc91426ec, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6247] futex(0x7f3dc91426e8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6244] exit_group(0 [pid 6247] <... futex resumed>) = ? [pid 6246] <... futex resumed>) = ? [pid 6245] <... futex resumed>) = ? [pid 6244] <... exit_group resumed>) = ? [pid 6247] +++ exited with 0 +++ [pid 6246] +++ exited with 0 +++ [pid 6245] +++ exited with 0 +++ [pid 6244] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6244, si_uid=0, si_status=0, si_utime=0, si_stime=18 /* 0.18 s */} --- umount2("./404", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./404/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./404/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./404/binderfs") = 0 umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./404/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./404/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./404/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./404/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./404") = 0 mkdir("./405", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6248 ./strace-static-x86_64: Process 6248 attached [pid 6248] set_robust_list(0x5555562186a0, 24) = 0 [pid 6248] chdir("./405") = 0 [pid 6248] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6248] setpgid(0, 0) = 0 [pid 6248] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6248] write(3, "1000", 4) = 4 [pid 6248] close(3) = 0 [pid 6248] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6248] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6248] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6248] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6249]}, 88) = 6249 [pid 6248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6248] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6249 attached [pid 6249] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6249] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6249] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6249] memfd_create("syzkaller", 0) = 3 [pid 6249] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6249] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6249] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6249] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6249] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6249] close(3) = 0 [pid 6249] mkdir("./file0", 0777) = 0 [pid 6249] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6249] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6249] chdir("./file0") = 0 [pid 6249] ioctl(4, LOOP_CLR_FD) = 0 [pid 6249] close(4) = 0 [pid 6249] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6248] <... futex resumed>) = 0 [pid 6249] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6248] <... futex resumed>) = 0 [pid 6249] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6248] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... open resumed>) = 4 [pid 6249] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6248] <... futex resumed>) = 0 [pid 6249] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6249] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6248] <... futex resumed>) = 0 [pid 6249] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6248] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6249] <... open resumed>) = 5 [pid 6249] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] <... futex resumed>) = 0 [pid 6248] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6249] <... futex resumed>) = 1 [pid 6249] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6248] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6249] <... mmap resumed>) = 0x20000000 [pid 6248] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6248] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6249] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6248] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6249] <... futex resumed>) = 0 [pid 6249] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6248] <... clone3 resumed> => {parent_tid=[6250]}, 88) = 6250 [pid 6248] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6248] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6248] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6250 attached [pid 6250] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6250] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6250] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6250] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6249] <... futex resumed>) = ? [pid 6248] <... futex resumed>) = ? [pid 6250] +++ killed by SIGBUS +++ [pid 6249] +++ killed by SIGBUS +++ [pid 6248] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6248, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./405", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./405/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./405/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./405/binderfs") = 0 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./405/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./405/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./405/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./405/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./405") = 0 mkdir("./406", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6251 attached , child_tidptr=0x555556218690) = 6251 [pid 6251] set_robust_list(0x5555562186a0, 24) = 0 [pid 6251] chdir("./406") = 0 [pid 6251] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6251] setpgid(0, 0) = 0 [pid 6251] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6251] write(3, "1000", 4) = 4 [pid 6251] close(3) = 0 [pid 6251] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6251] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 118.760523][ T6249] loop0: detected capacity change from 0 to 2048 [ 118.771549][ T6249] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6251] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6251] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6251] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6252 attached => {parent_tid=[6252]}, 88) = 6252 [pid 6252] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6251] rt_sigprocmask(SIG_SETMASK, [], [pid 6252] <... rseq resumed>) = 0 [pid 6252] set_robust_list(0x7f3dc90769a0, 24 [pid 6251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6252] <... set_robust_list resumed>) = 0 [pid 6251] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6251] <... futex resumed>) = 0 [pid 6252] memfd_create("syzkaller", 0 [pid 6251] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6252] <... memfd_create resumed>) = 3 [pid 6252] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6252] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6252] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6252] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6252] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6252] close(3) = 0 [pid 6252] mkdir("./file0", 0777) = 0 [pid 6252] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6252] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6252] chdir("./file0") = 0 [pid 6252] ioctl(4, LOOP_CLR_FD) = 0 [pid 6252] close(4) = 0 [pid 6252] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... futex resumed>) = 1 [pid 6252] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6252] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6251] <... futex resumed>) = 0 [pid 6252] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6251] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6251] <... futex resumed>) = 0 [pid 6252] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6251] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6252] <... open resumed>) = 5 [pid 6252] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6251] <... futex resumed>) = 0 [pid 6252] <... futex resumed>) = 1 [pid 6251] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6252] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6251] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6252] <... mmap resumed>) = 0x20000000 [pid 6251] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6252] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6252] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6251] <... mprotect resumed>) = 0 [pid 6251] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6251] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6253 attached => {parent_tid=[6253]}, 88) = 6253 [pid 6253] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6251] rt_sigprocmask(SIG_SETMASK, [], [pid 6253] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6251] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6253] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6251] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6253] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6251] <... futex resumed>) = 0 [pid 6251] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6252] <... futex resumed>) = ? [pid 6252] +++ killed by SIGBUS +++ [pid 6253] +++ killed by SIGBUS +++ [pid 6251] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6251, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./406", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./406/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./406/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./406/binderfs") = 0 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./406/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./406/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./406/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./406/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./406") = 0 mkdir("./407", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6254 [ 118.860251][ T6252] loop0: detected capacity change from 0 to 2048 [ 118.872460][ T6252] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) ./strace-static-x86_64: Process 6254 attached [pid 6254] set_robust_list(0x5555562186a0, 24) = 0 [pid 6254] chdir("./407") = 0 [pid 6254] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6254] setpgid(0, 0) = 0 [pid 6254] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6254] write(3, "1000", 4) = 4 [pid 6254] close(3) = 0 [pid 6254] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6254] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6254] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6254] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6255 attached => {parent_tid=[6255]}, 88) = 6255 [pid 6254] rt_sigprocmask(SIG_SETMASK, [], [pid 6255] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6255] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6255] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6255] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6254] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] <... futex resumed>) = 0 [pid 6254] <... futex resumed>) = 1 [pid 6255] memfd_create("syzkaller", 0 [pid 6254] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6255] <... memfd_create resumed>) = 3 [pid 6255] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6255] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6255] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6255] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6255] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6255] close(3) = 0 [pid 6255] mkdir("./file0", 0777) = 0 [pid 6255] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6255] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6255] chdir("./file0") = 0 [pid 6255] ioctl(4, LOOP_CLR_FD) = 0 [pid 6255] close(4) = 0 [pid 6255] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... futex resumed>) = 1 [pid 6255] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6255] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... futex resumed>) = 1 [pid 6255] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6255] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6254] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6254] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6254] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6254] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6256 attached => {parent_tid=[6256]}, 88) = 6256 [pid 6256] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6254] rt_sigprocmask(SIG_SETMASK, [], [pid 6256] <... rseq resumed>) = 0 [pid 6254] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6256] set_robust_list(0x7f3dc0d559a0, 24 [pid 6254] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... set_robust_list resumed>) = 0 [pid 6255] <... futex resumed>) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6256] rt_sigprocmask(SIG_SETMASK, [], [pid 6255] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6254] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6256] open(0x20000080, O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = -1 EFAULT (Bad address) [pid 6255] <... mmap resumed>) = 0x20000000 [pid 6256] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6254] <... futex resumed>) = 0 [pid 6256] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6254] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6256] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6254] <... futex resumed>) = 0 [pid 6256] write(-1, 0x20000000, 34136651 [pid 6254] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6256] <... write resumed>) = -1 EBADF (Bad file descriptor) [pid 6256] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6255] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6256] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6255] <... futex resumed>) = 0 [pid 6254] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6255] ftruncate(4, 2 [pid 6254] <... futex resumed>) = 0 [pid 6254] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6255] <... ftruncate resumed>) = 0 [pid 6255] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6254] <... futex resumed>) = 0 [pid 6254] exit_group(0 [pid 6256] <... futex resumed>) = ? [pid 6255] <... futex resumed>) = ? [pid 6254] <... exit_group resumed>) = ? [pid 6256] +++ exited with 0 +++ [pid 6255] +++ exited with 0 +++ [pid 6254] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6254, si_uid=0, si_status=0, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./407", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./407/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./407/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./407/binderfs") = 0 umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./407/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 118.956562][ T6255] loop0: detected capacity change from 0 to 2048 [ 118.970284][ T6255] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./407/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./407/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./407/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./407") = 0 mkdir("./408", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6257 attached , child_tidptr=0x555556218690) = 6257 [pid 6257] set_robust_list(0x5555562186a0, 24) = 0 [pid 6257] chdir("./408") = 0 [pid 6257] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6257] setpgid(0, 0) = 0 [pid 6257] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6257] write(3, "1000", 4) = 4 [pid 6257] close(3) = 0 [pid 6257] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6257] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6257] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6257] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6257] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6257] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6258 attached => {parent_tid=[6258]}, 88) = 6258 [pid 6257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6257] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6257] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6258] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6258] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6258] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6258] memfd_create("syzkaller", 0) = 3 [pid 6258] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6258] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6258] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6258] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6258] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6258] close(3) = 0 [pid 6258] mkdir("./file0", 0777) = 0 [pid 6258] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6258] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6258] chdir("./file0") = 0 [pid 6258] ioctl(4, LOOP_CLR_FD) = 0 [pid 6258] close(4) = 0 [pid 6258] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6257] <... futex resumed>) = 0 [pid 6258] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6257] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6257] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6258] <... open resumed>) = 4 [pid 6258] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6257] <... futex resumed>) = 0 [pid 6258] <... futex resumed>) = 1 [pid 6257] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6257] <... futex resumed>) = 0 [pid 6257] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6258] <... open resumed>) = 5 [pid 6258] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6257] <... futex resumed>) = 0 [pid 6258] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6257] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6258] <... futex resumed>) = 0 [pid 6257] <... futex resumed>) = 1 [pid 6258] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6257] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6258] <... mmap resumed>) = 0x20000000 [pid 6257] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6258] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6257] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6258] <... futex resumed>) = 0 [pid 6257] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6258] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6257] <... mprotect resumed>) = 0 [pid 6257] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6257] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6259 attached => {parent_tid=[6259]}, 88) = 6259 [pid 6257] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6257] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6259] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6257] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6259] <... rseq resumed>) = 0 [pid 6259] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6259] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6259] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6258] <... futex resumed>) = ? [pid 6257] <... futex resumed>) = ? [pid 6259] +++ killed by SIGBUS +++ [pid 6258] +++ killed by SIGBUS +++ [pid 6257] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6257, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./408", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./408/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./408/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./408/binderfs") = 0 umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 119.069299][ T6258] loop0: detected capacity change from 0 to 2048 [ 119.080782][ T6258] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./408/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./408/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./408/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./408/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./408") = 0 mkdir("./409", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6260 attached , child_tidptr=0x555556218690) = 6260 [pid 6260] set_robust_list(0x5555562186a0, 24) = 0 [pid 6260] chdir("./409") = 0 [pid 6260] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6260] setpgid(0, 0) = 0 [pid 6260] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6260] write(3, "1000", 4) = 4 [pid 6260] close(3) = 0 [pid 6260] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6260] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6260] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6260] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6260] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6261 attached [pid 6261] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6260] <... clone3 resumed> => {parent_tid=[6261]}, 88) = 6261 [pid 6261] <... rseq resumed>) = 0 [pid 6261] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6261] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6260] rt_sigprocmask(SIG_SETMASK, [], [pid 6261] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6260] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6261] <... futex resumed>) = 0 [pid 6260] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6261] memfd_create("syzkaller", 0) = 3 [pid 6261] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6261] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6261] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6261] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6261] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6261] close(3) = 0 [pid 6261] mkdir("./file0", 0777) = 0 [pid 6261] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6261] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6261] chdir("./file0") = 0 [pid 6261] ioctl(4, LOOP_CLR_FD) = 0 [pid 6261] close(4) = 0 [pid 6261] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6260] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... open resumed>) = 4 [pid 6261] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6260] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6261] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6260] <... futex resumed>) = 0 [pid 6260] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6261] <... open resumed>) = 5 [pid 6261] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6260] <... futex resumed>) = 0 [pid 6261] <... futex resumed>) = 1 [pid 6260] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6260] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6261] <... mmap resumed>) = 0x20000000 [pid 6260] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6260] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6260] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6261] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6261] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6260] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6260] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6262 attached => {parent_tid=[6262]}, 88) = 6262 [pid 6262] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6260] rt_sigprocmask(SIG_SETMASK, [], [pid 6262] <... rseq resumed>) = 0 [pid 6262] set_robust_list(0x7f3dc0d559a0, 24 [pid 6260] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6260] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6260] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6262] <... set_robust_list resumed>) = 0 [pid 6262] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6262] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6261] <... futex resumed>) = ? [pid 6261] +++ killed by SIGBUS +++ [pid 6260] <... futex resumed>) = ? [pid 6262] +++ killed by SIGBUS +++ [pid 6260] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6260, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./409", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./409/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./409/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./409/binderfs") = 0 [ 119.180722][ T6261] loop0: detected capacity change from 0 to 2048 [ 119.192276][ T6261] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./409/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./409/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./409/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./409/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./409") = 0 mkdir("./410", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6263 attached , child_tidptr=0x555556218690) = 6263 [pid 6263] set_robust_list(0x5555562186a0, 24) = 0 [pid 6263] chdir("./410") = 0 [pid 6263] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6263] setpgid(0, 0) = 0 [pid 6263] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6263] write(3, "1000", 4) = 4 [pid 6263] close(3) = 0 [pid 6263] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6263] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6263] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6263] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6264]}, 88) = 6264 ./strace-static-x86_64: Process 6264 attached [pid 6264] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6263] rt_sigprocmask(SIG_SETMASK, [], [pid 6264] <... rseq resumed>) = 0 [pid 6264] set_robust_list(0x7f3dc90769a0, 24 [pid 6263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6264] <... set_robust_list resumed>) = 0 [pid 6263] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] rt_sigprocmask(SIG_SETMASK, [], [pid 6263] <... futex resumed>) = 0 [pid 6264] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6264] memfd_create("syzkaller", 0 [pid 6263] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6264] <... memfd_create resumed>) = 3 [pid 6264] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6264] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6264] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6264] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6264] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6264] close(3) = 0 [pid 6264] mkdir("./file0", 0777) = 0 [pid 6264] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6264] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6264] chdir("./file0") = 0 [pid 6264] ioctl(4, LOOP_CLR_FD) = 0 [pid 6264] close(4) = 0 [pid 6264] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] <... futex resumed>) = 0 [pid 6263] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6264] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6264] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] <... futex resumed>) = 0 [pid 6264] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6263] <... futex resumed>) = 1 [pid 6263] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6264] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6263] <... futex resumed>) = 0 [pid 6263] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] <... futex resumed>) = 1 [pid 6263] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6264] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6263] <... futex resumed>) = 0 [pid 6264] <... mmap resumed>) = 0x20000000 [pid 6263] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6263] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6264] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6264] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6263] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6263] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6265]}, 88) = 6265 ./strace-static-x86_64: Process 6265 attached [pid 6265] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6263] rt_sigprocmask(SIG_SETMASK, [], [pid 6265] <... rseq resumed>) = 0 [pid 6263] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6263] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6263] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6265] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6265] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6265] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6264] <... futex resumed>) = ? [pid 6263] <... futex resumed>) = ? [pid 6265] +++ killed by SIGBUS +++ [pid 6264] +++ killed by SIGBUS +++ [pid 6263] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6263, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./410", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./410/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./410/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./410/binderfs") = 0 [ 119.298413][ T6264] loop0: detected capacity change from 0 to 2048 [ 119.310176][ T6264] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./410/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./410/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./410/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./410/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./410") = 0 mkdir("./411", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6266 attached , child_tidptr=0x555556218690) = 6266 [pid 6266] set_robust_list(0x5555562186a0, 24) = 0 [pid 6266] chdir("./411") = 0 [pid 6266] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6266] setpgid(0, 0) = 0 [pid 6266] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6266] write(3, "1000", 4) = 4 [pid 6266] close(3) = 0 [pid 6266] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6266] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6266] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6266] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6267 attached [pid 6267] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6266] <... clone3 resumed> => {parent_tid=[6267]}, 88) = 6267 [pid 6267] <... rseq resumed>) = 0 [pid 6266] rt_sigprocmask(SIG_SETMASK, [], [pid 6267] set_robust_list(0x7f3dc90769a0, 24 [pid 6266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6267] <... set_robust_list resumed>) = 0 [pid 6266] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6266] <... futex resumed>) = 0 [pid 6267] memfd_create("syzkaller", 0 [pid 6266] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6267] <... memfd_create resumed>) = 3 [pid 6267] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6267] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6267] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6267] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6267] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6267] close(3) = 0 [pid 6267] mkdir("./file0", 0777) = 0 [pid 6267] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6267] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6267] chdir("./file0") = 0 [pid 6267] ioctl(4, LOOP_CLR_FD) = 0 [pid 6267] close(4) = 0 [pid 6267] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6267] <... futex resumed>) = 1 [pid 6267] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6266] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... open resumed>) = 4 [pid 6267] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6267] <... futex resumed>) = 1 [pid 6266] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6267] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6267] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6266] <... futex resumed>) = 0 [pid 6266] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... futex resumed>) = 0 [pid 6266] <... futex resumed>) = 1 [pid 6267] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6266] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6267] <... mmap resumed>) = 0x20000000 [pid 6266] <... futex resumed>) = 0 [pid 6266] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6267] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6266] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6267] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6266] <... mprotect resumed>) = 0 [pid 6266] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6266] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6268 attached => {parent_tid=[6268]}, 88) = 6268 [pid 6268] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6266] rt_sigprocmask(SIG_SETMASK, [], [pid 6268] set_robust_list(0x7f3dc0d559a0, 24 [pid 6266] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6268] <... set_robust_list resumed>) = 0 [pid 6266] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6268] rt_sigprocmask(SIG_SETMASK, [], [pid 6266] <... futex resumed>) = 0 [pid 6268] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6268] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6266] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6267] <... futex resumed>) = ? [pid 6267] +++ killed by SIGBUS +++ [pid 6266] <... futex resumed>) = ? [pid 6268] +++ killed by SIGBUS +++ [pid 6266] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6266, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./411", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./411/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./411/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./411/binderfs") = 0 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./411/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./411/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./411/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./411/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./411") = 0 mkdir("./412", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6269 attached , child_tidptr=0x555556218690) = 6269 [pid 6269] set_robust_list(0x5555562186a0, 24) = 0 [pid 6269] chdir("./412") = 0 [pid 6269] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6269] setpgid(0, 0) = 0 [pid 6269] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6269] write(3, "1000", 4) = 4 [pid 6269] close(3) = 0 [ 119.417852][ T6267] loop0: detected capacity change from 0 to 2048 [ 119.429491][ T6267] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6269] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6269] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6269] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6269] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6270 attached => {parent_tid=[6270]}, 88) = 6270 [pid 6269] rt_sigprocmask(SIG_SETMASK, [], [pid 6270] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6270] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6270] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6270] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6269] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = 0 [pid 6269] <... futex resumed>) = 1 [pid 6270] memfd_create("syzkaller", 0 [pid 6269] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6270] <... memfd_create resumed>) = 3 [pid 6270] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6270] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6270] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6270] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6270] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6270] close(3) = 0 [pid 6270] mkdir("./file0", 0777) = 0 [pid 6270] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6270] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6270] chdir("./file0") = 0 [pid 6270] ioctl(4, LOOP_CLR_FD) = 0 [pid 6270] close(4) = 0 [pid 6270] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6270] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6269] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6269] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6270] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6270] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6269] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6269] <... futex resumed>) = 0 [pid 6269] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6270] <... open resumed>) = 5 [pid 6270] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] <... futex resumed>) = 0 [pid 6270] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6269] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6269] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6270] <... futex resumed>) = 0 [pid 6269] <... futex resumed>) = 0 [pid 6270] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6269] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6269] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6269] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6270] <... mmap resumed>) = 0x20000000 [pid 6269] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6270] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6270] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6271 attached [pid 6269] <... clone3 resumed> => {parent_tid=[6271]}, 88) = 6271 [pid 6271] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6269] rt_sigprocmask(SIG_SETMASK, [], [pid 6271] <... rseq resumed>) = 0 [pid 6269] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6269] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6271] set_robust_list(0x7f3dc0d559a0, 24 [pid 6269] <... futex resumed>) = 0 [pid 6271] <... set_robust_list resumed>) = 0 [pid 6269] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6271] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6271] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6270] <... futex resumed>) = ? [pid 6269] <... futex resumed>) = ? [pid 6270] +++ killed by SIGBUS +++ [pid 6271] +++ killed by SIGBUS +++ [pid 6269] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6269, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./412", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./412/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./412/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./412/binderfs") = 0 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./412/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./412/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./412/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 119.517520][ T6270] loop0: detected capacity change from 0 to 2048 [ 119.529859][ T6270] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./412/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./412") = 0 mkdir("./413", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6272 attached , child_tidptr=0x555556218690) = 6272 [pid 6272] set_robust_list(0x5555562186a0, 24) = 0 [pid 6272] chdir("./413") = 0 [pid 6272] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6272] setpgid(0, 0) = 0 [pid 6272] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6272] write(3, "1000", 4) = 4 [pid 6272] close(3) = 0 [pid 6272] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6272] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6272] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6272] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6273]}, 88) = 6273 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6272] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6273 attached [pid 6273] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6273] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6273] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6273] memfd_create("syzkaller", 0) = 3 [pid 6273] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6273] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6273] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6273] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6273] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6273] close(3) = 0 [pid 6273] mkdir("./file0", 0777) = 0 [pid 6273] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6273] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6273] chdir("./file0") = 0 [pid 6273] ioctl(4, LOOP_CLR_FD) = 0 [pid 6273] close(4) = 0 [pid 6273] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6272] <... futex resumed>) = 0 [pid 6273] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6272] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] <... futex resumed>) = 0 [pid 6272] <... futex resumed>) = 1 [pid 6273] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6272] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] <... open resumed>) = 4 [pid 6273] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = 0 [pid 6273] <... futex resumed>) = 1 [pid 6272] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6273] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6272] <... futex resumed>) = 0 [pid 6273] <... open resumed>) = 5 [pid 6272] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6273] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6272] <... futex resumed>) = 0 [pid 6272] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] <... futex resumed>) = 1 [pid 6273] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6272] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6273] <... mmap resumed>) = 0x20000000 [pid 6272] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6272] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6273] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6273] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6272] <... mprotect resumed>) = 0 [pid 6272] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6272] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6274]}, 88) = 6274 [pid 6272] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6272] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6272] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6274 attached [pid 6274] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6274] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6274] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6274] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6272] <... futex resumed>) = ? [pid 6274] +++ killed by SIGBUS +++ [pid 6273] <... futex resumed>) = ? [pid 6273] +++ killed by SIGBUS +++ [pid 6272] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6272, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./413", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./413/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./413/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./413/binderfs") = 0 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./413/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./413/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./413/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 119.612138][ T6273] loop0: detected capacity change from 0 to 2048 [ 119.628299][ T6273] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./413/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./413") = 0 mkdir("./414", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6275 attached , child_tidptr=0x555556218690) = 6275 [pid 6275] set_robust_list(0x5555562186a0, 24) = 0 [pid 6275] chdir("./414") = 0 [pid 6275] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6275] setpgid(0, 0) = 0 [pid 6275] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6275] write(3, "1000", 4) = 4 [pid 6275] close(3) = 0 [pid 6275] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6275] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6275] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6275] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6276]}, 88) = 6276 [pid 6275] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6275] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6275] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6276 attached [pid 6276] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6276] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6276] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6276] memfd_create("syzkaller", 0) = 3 [pid 6276] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6276] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6276] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6276] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6276] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6276] close(3) = 0 [pid 6276] mkdir("./file0", 0777) = 0 [pid 6276] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6276] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6276] chdir("./file0") = 0 [pid 6276] ioctl(4, LOOP_CLR_FD) = 0 [pid 6276] close(4) = 0 [pid 6276] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6275] <... futex resumed>) = 0 [pid 6275] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] <... open resumed>) = 4 [pid 6276] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] <... futex resumed>) = 0 [pid 6276] <... futex resumed>) = 1 [pid 6276] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6276] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6275] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6276] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6275] <... futex resumed>) = 0 [pid 6276] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6275] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6275] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6276] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6275] <... futex resumed>) = 0 [pid 6275] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6276] <... futex resumed>) = 0 [pid 6276] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6275] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6275] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6275] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6277 attached [pid 6277] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6275] <... clone3 resumed> => {parent_tid=[6277]}, 88) = 6277 [pid 6277] <... rseq resumed>) = 0 [pid 6277] set_robust_list(0x7f3dc0d559a0, 24 [pid 6275] rt_sigprocmask(SIG_SETMASK, [], [pid 6277] <... set_robust_list resumed>) = 0 [pid 6275] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6277] rt_sigprocmask(SIG_SETMASK, [], [pid 6275] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6277] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6275] <... futex resumed>) = 0 [pid 6277] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6275] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6276] <... futex resumed>) = ? [pid 6275] <... futex resumed>) = ? [pid 6277] +++ killed by SIGBUS +++ [pid 6276] +++ killed by SIGBUS +++ [pid 6275] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6275, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./414", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./414/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./414/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./414/binderfs") = 0 [ 119.705412][ T6276] loop0: detected capacity change from 0 to 2048 [ 119.719411][ T6276] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./414/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./414/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./414/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./414/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./414") = 0 mkdir("./415", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6278 ./strace-static-x86_64: Process 6278 attached [pid 6278] set_robust_list(0x5555562186a0, 24) = 0 [pid 6278] chdir("./415") = 0 [pid 6278] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6278] setpgid(0, 0) = 0 [pid 6278] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6278] write(3, "1000", 4) = 4 [pid 6278] close(3) = 0 [pid 6278] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6278] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6278] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6278] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6278] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6278] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6279]}, 88) = 6279 [pid 6278] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 ./strace-static-x86_64: Process 6279 attached [pid 6278] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6279] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6278] <... futex resumed>) = 0 [pid 6279] <... rseq resumed>) = 0 [pid 6279] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6278] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6279] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6279] memfd_create("syzkaller", 0) = 3 [pid 6279] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6279] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6279] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6279] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6279] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6279] close(3) = 0 [pid 6279] mkdir("./file0", 0777) = 0 [pid 6279] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6279] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6279] chdir("./file0") = 0 [pid 6279] ioctl(4, LOOP_CLR_FD) = 0 [pid 6279] close(4) = 0 [pid 6279] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6278] <... futex resumed>) = 0 [pid 6279] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6278] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] <... open resumed>) = 4 [pid 6279] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... futex resumed>) = 0 [pid 6278] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6279] <... futex resumed>) = 1 [pid 6279] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6279] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... futex resumed>) = 0 [pid 6278] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6278] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6279] <... futex resumed>) = 1 [pid 6279] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6279] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6278] <... clone3 resumed> => {parent_tid=[6280]}, 88) = 6280 [pid 6279] <... futex resumed>) = 0 [pid 6278] rt_sigprocmask(SIG_SETMASK, [], [pid 6279] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6278] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6278] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6280] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6278] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6280] <... rseq resumed>) = 0 [pid 6280] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6280] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6280] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6279] <... futex resumed>) = ? [pid 6279] +++ killed by SIGBUS +++ [pid 6278] <... futex resumed>) = ? [pid 6280] +++ killed by SIGBUS +++ [pid 6278] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6278, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./415", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./415/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./415/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./415/binderfs") = 0 [ 119.812046][ T6279] loop0: detected capacity change from 0 to 2048 [ 119.823454][ T6279] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./415/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./415/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./415/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./415/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./415") = 0 mkdir("./416", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6281 attached , child_tidptr=0x555556218690) = 6281 [pid 6281] set_robust_list(0x5555562186a0, 24) = 0 [pid 6281] chdir("./416") = 0 [pid 6281] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6281] setpgid(0, 0) = 0 [pid 6281] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6281] write(3, "1000", 4) = 4 [pid 6281] close(3) = 0 [pid 6281] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6281] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6281] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6281] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6282 attached => {parent_tid=[6282]}, 88) = 6282 [pid 6281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6281] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6282] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6282] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6282] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6282] memfd_create("syzkaller", 0) = 3 [pid 6282] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6282] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6282] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6282] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6282] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6282] close(3) = 0 [pid 6282] mkdir("./file0", 0777) = 0 [pid 6282] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6282] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6282] chdir("./file0") = 0 [pid 6282] ioctl(4, LOOP_CLR_FD) = 0 [pid 6282] close(4) = 0 [pid 6282] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6281] <... futex resumed>) = 0 [pid 6281] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6282] <... futex resumed>) = 0 [pid 6282] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6281] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6282] <... open resumed>) = 4 [pid 6282] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6281] <... futex resumed>) = 0 [pid 6281] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6282] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6282] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] <... futex resumed>) = 0 [pid 6282] <... futex resumed>) = 1 [pid 6281] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6282] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6281] <... futex resumed>) = 0 [pid 6282] <... mmap resumed>) = 0x20000000 [pid 6281] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6281] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6282] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6281] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6282] <... futex resumed>) = 0 [pid 6281] <... mprotect resumed>) = 0 [pid 6282] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6281] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6281] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6283 attached => {parent_tid=[6283]}, 88) = 6283 [pid 6283] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6283] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6281] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6281] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6283] rt_sigprocmask(SIG_SETMASK, [], [pid 6281] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6283] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6283] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6281] <... futex resumed>) = ? [pid 6282] <... futex resumed>) = ? [pid 6283] +++ killed by SIGBUS +++ [pid 6282] +++ killed by SIGBUS +++ [pid 6281] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6281, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./416", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./416/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./416/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./416/binderfs") = 0 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./416/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./416/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./416/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./416/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./416") = 0 [ 119.932904][ T6282] loop0: detected capacity change from 0 to 2048 [ 119.944923][ T6282] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./417", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6284 attached , child_tidptr=0x555556218690) = 6284 [pid 6284] set_robust_list(0x5555562186a0, 24) = 0 [pid 6284] chdir("./417") = 0 [pid 6284] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6284] setpgid(0, 0) = 0 [pid 6284] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6284] write(3, "1000", 4) = 4 [pid 6284] close(3) = 0 [pid 6284] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6284] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6284] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6284] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6285]}, 88) = 6285 [pid 6284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6284] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6285 attached [pid 6285] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6285] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6285] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6285] memfd_create("syzkaller", 0) = 3 [pid 6285] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6285] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6285] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6285] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6285] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6285] close(3) = 0 [pid 6285] mkdir("./file0", 0777) = 0 [pid 6285] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6285] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6285] chdir("./file0") = 0 [pid 6285] ioctl(4, LOOP_CLR_FD) = 0 [pid 6285] close(4) = 0 [pid 6285] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6285] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6284] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6284] <... futex resumed>) = 0 [pid 6285] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6284] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... open resumed>) = 4 [pid 6285] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6285] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6284] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6284] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6284] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6284] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6286 attached => {parent_tid=[6286]}, 88) = 6286 [pid 6284] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6284] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6285] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6284] <... futex resumed>) = 0 [pid 6284] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6285] <... mmap resumed>) = 0x20000000 [pid 6285] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6285] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6286] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6286] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6286] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6286] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6285] <... futex resumed>) = ? [pid 6285] +++ killed by SIGBUS +++ [pid 6284] <... futex resumed>) = ? [pid 6286] +++ killed by SIGBUS +++ [pid 6284] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6284, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./417", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./417/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./417/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./417/binderfs") = 0 [ 120.036493][ T6285] loop0: detected capacity change from 0 to 2048 [ 120.049610][ T6285] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./417/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./417/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./417/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./417/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./417") = 0 mkdir("./418", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6287 ./strace-static-x86_64: Process 6287 attached [pid 6287] set_robust_list(0x5555562186a0, 24) = 0 [pid 6287] chdir("./418") = 0 [pid 6287] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6287] setpgid(0, 0) = 0 [pid 6287] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6287] write(3, "1000", 4) = 4 [pid 6287] close(3) = 0 [pid 6287] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6287] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6287] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6287] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6288]}, 88) = 6288 [pid 6287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6287] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6288 attached [pid 6288] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6288] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6288] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6288] memfd_create("syzkaller", 0) = 3 [pid 6288] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6288] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6288] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6288] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6288] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6288] close(3) = 0 [pid 6288] mkdir("./file0", 0777) = 0 [pid 6288] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6288] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6288] chdir("./file0") = 0 [pid 6288] ioctl(4, LOOP_CLR_FD) = 0 [pid 6288] close(4) = 0 [pid 6288] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6288] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6287] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6287] <... futex resumed>) = 0 [pid 6288] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6287] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6288] <... open resumed>) = 4 [pid 6288] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6288] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6287] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6287] <... futex resumed>) = 0 [pid 6288] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6287] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6288] <... open resumed>) = 5 [pid 6288] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6287] <... futex resumed>) = 0 [pid 6288] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6287] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6287] <... futex resumed>) = 0 [pid 6288] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6287] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6288] <... mmap resumed>) = 0x20000000 [pid 6287] <... futex resumed>) = 0 [pid 6287] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6288] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6287] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6287] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6288] <... futex resumed>) = 0 [pid 6287] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6288] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6287] <... clone3 resumed> => {parent_tid=[6289]}, 88) = 6289 [pid 6287] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6287] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6287] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6289 attached [pid 6289] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6289] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6289] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6289] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6288] <... futex resumed>) = ? [pid 6288] +++ killed by SIGBUS +++ [pid 6287] <... futex resumed>) = ? [pid 6289] +++ killed by SIGBUS +++ [pid 6287] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6287, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./418", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./418/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./418/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./418/binderfs") = 0 [ 120.152954][ T6288] loop0: detected capacity change from 0 to 2048 [ 120.165239][ T6288] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./418/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./418/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./418/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./418/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./418") = 0 mkdir("./419", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6290 ./strace-static-x86_64: Process 6290 attached [pid 6290] set_robust_list(0x5555562186a0, 24) = 0 [pid 6290] chdir("./419") = 0 [pid 6290] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6290] setpgid(0, 0) = 0 [pid 6290] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6290] write(3, "1000", 4) = 4 [pid 6290] close(3) = 0 [pid 6290] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6290] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6290] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6290] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6290] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6290] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6291 attached => {parent_tid=[6291]}, 88) = 6291 [pid 6290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6290] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6291] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6291] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6291] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6291] memfd_create("syzkaller", 0) = 3 [pid 6291] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6291] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6291] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6291] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6291] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6291] close(3) = 0 [pid 6291] mkdir("./file0", 0777) = 0 [pid 6291] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6291] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6291] chdir("./file0") = 0 [pid 6291] ioctl(4, LOOP_CLR_FD) = 0 [pid 6291] close(4) = 0 [pid 6291] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] <... futex resumed>) = 0 [pid 6291] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6290] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] <... open resumed>) = 4 [pid 6291] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6290] <... futex resumed>) = 0 [pid 6291] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6290] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6291] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6291] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6290] <... futex resumed>) = 0 [pid 6290] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6291] <... futex resumed>) = 1 [pid 6290] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6291] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6291] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6291] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6290] <... clone3 resumed> => {parent_tid=[6292]}, 88) = 6292 ./strace-static-x86_64: Process 6292 attached [pid 6292] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6292] set_robust_list(0x7f3dc0d559a0, 24 [pid 6290] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6290] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6290] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6292] <... set_robust_list resumed>) = 0 [pid 6292] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6292] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6291] <... futex resumed>) = ? [pid 6291] +++ killed by SIGBUS +++ [pid 6292] +++ killed by SIGBUS +++ [pid 6290] <... futex resumed>) = ? [pid 6290] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6290, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./419", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./419/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./419/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./419/binderfs") = 0 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./419/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./419/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./419/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 120.276352][ T6291] loop0: detected capacity change from 0 to 2048 [ 120.287025][ T6291] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./419/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./419") = 0 mkdir("./420", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6293 attached , child_tidptr=0x555556218690) = 6293 [pid 6293] set_robust_list(0x5555562186a0, 24) = 0 [pid 6293] chdir("./420") = 0 [pid 6293] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6293] setpgid(0, 0) = 0 [pid 6293] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6293] write(3, "1000", 4) = 4 [pid 6293] close(3) = 0 [pid 6293] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6293] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6293] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6293] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6293] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6294 attached [pid 6294] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6293] <... clone3 resumed> => {parent_tid=[6294]}, 88) = 6294 [pid 6294] <... rseq resumed>) = 0 [pid 6294] set_robust_list(0x7f3dc90769a0, 24 [pid 6293] rt_sigprocmask(SIG_SETMASK, [], [pid 6294] <... set_robust_list resumed>) = 0 [pid 6293] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6294] rt_sigprocmask(SIG_SETMASK, [], [pid 6293] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6293] <... futex resumed>) = 0 [pid 6294] memfd_create("syzkaller", 0 [pid 6293] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6294] <... memfd_create resumed>) = 3 [pid 6294] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6294] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6294] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6294] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6294] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6294] close(3) = 0 [pid 6294] mkdir("./file0", 0777) = 0 [pid 6294] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6294] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6294] chdir("./file0") = 0 [pid 6294] ioctl(4, LOOP_CLR_FD) = 0 [pid 6294] close(4) = 0 [pid 6294] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6294] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6293] <... futex resumed>) = 0 [pid 6294] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6293] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] <... open resumed>) = 4 [pid 6294] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6294] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6293] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6294] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6293] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6294] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6294] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6293] <... futex resumed>) = 0 [pid 6293] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6293] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6294] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6293] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6294] <... mmap resumed>) = 0x20000000 [pid 6293] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6294] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6293] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6294] <... futex resumed>) = 0 [pid 6294] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6295 attached [pid 6293] <... clone3 resumed> => {parent_tid=[6295]}, 88) = 6295 [pid 6293] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6293] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6293] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6295] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6295] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6295] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6295] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6294] <... futex resumed>) = ? [pid 6293] <... futex resumed>) = ? [pid 6294] +++ killed by SIGBUS +++ [pid 6295] +++ killed by SIGBUS +++ [pid 6293] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6293, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./420", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./420/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./420/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./420/binderfs") = 0 umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./420/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./420/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./420/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./420/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 120.389153][ T6294] loop0: detected capacity change from 0 to 2048 [ 120.400449][ T6294] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./420") = 0 mkdir("./421", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6296 ./strace-static-x86_64: Process 6296 attached [pid 6296] set_robust_list(0x5555562186a0, 24) = 0 [pid 6296] chdir("./421") = 0 [pid 6296] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6296] setpgid(0, 0) = 0 [pid 6296] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6296] write(3, "1000", 4) = 4 [pid 6296] close(3) = 0 [pid 6296] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6296] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6296] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6296] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6297]}, 88) = 6297 ./strace-static-x86_64: Process 6297 attached [pid 6296] rt_sigprocmask(SIG_SETMASK, [], [pid 6297] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6296] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6297] <... rseq resumed>) = 0 [pid 6297] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6297] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6297] memfd_create("syzkaller", 0) = 3 [pid 6297] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6297] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6297] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6297] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6297] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6297] close(3) = 0 [pid 6297] mkdir("./file0", 0777) = 0 [pid 6297] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6297] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6297] chdir("./file0") = 0 [pid 6297] ioctl(4, LOOP_CLR_FD) = 0 [pid 6297] close(4) = 0 [pid 6297] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] <... open resumed>) = 4 [pid 6297] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6296] <... futex resumed>) = 0 [pid 6297] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6296] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... open resumed>) = 5 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6297] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6296] <... futex resumed>) = 0 [pid 6297] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6296] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6297] <... mmap resumed>) = 0x20000000 [pid 6296] <... futex resumed>) = 0 [pid 6296] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6296] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6296] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6296] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6296] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6297] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6298 attached ) = 0 [pid 6296] <... clone3 resumed> => {parent_tid=[6298]}, 88) = 6298 [pid 6298] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6296] rt_sigprocmask(SIG_SETMASK, [], [pid 6298] <... rseq resumed>) = 0 [pid 6296] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6298] set_robust_list(0x7f3dc0d559a0, 24 [pid 6296] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6298] <... set_robust_list resumed>) = 0 [pid 6296] <... futex resumed>) = 0 [pid 6298] rt_sigprocmask(SIG_SETMASK, [], [pid 6296] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6298] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6298] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6297] read(-921426432, [pid 6297] +++ killed by SIGBUS +++ [pid 6296] <... futex resumed>) = ? [pid 6298] +++ killed by SIGBUS +++ [pid 6296] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6296, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./421", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./421/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./421/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./421/binderfs") = 0 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./421/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./421/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./421/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./421/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 120.492254][ T6297] loop0: detected capacity change from 0 to 2048 [ 120.503763][ T6297] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./421") = 0 mkdir("./422", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6299 attached , child_tidptr=0x555556218690) = 6299 [pid 6299] set_robust_list(0x5555562186a0, 24) = 0 [pid 6299] chdir("./422") = 0 [pid 6299] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6299] setpgid(0, 0) = 0 [pid 6299] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6299] write(3, "1000", 4) = 4 [pid 6299] close(3) = 0 [pid 6299] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6299] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6299] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6299] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6300]}, 88) = 6300 [pid 6299] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6299] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6300 attached [pid 6300] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6300] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6300] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6300] memfd_create("syzkaller", 0) = 3 [pid 6300] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6300] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6300] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6300] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6300] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6300] close(3) = 0 [pid 6300] mkdir("./file0", 0777) = 0 [pid 6300] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6300] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6300] chdir("./file0") = 0 [pid 6300] ioctl(4, LOOP_CLR_FD) = 0 [pid 6300] close(4) = 0 [pid 6300] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] <... futex resumed>) = 0 [pid 6299] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] <... futex resumed>) = 0 [pid 6300] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6299] <... futex resumed>) = 1 [pid 6299] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... open resumed>) = 4 [pid 6300] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6299] <... futex resumed>) = 0 [pid 6300] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6299] <... futex resumed>) = 0 [pid 6300] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6299] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... open resumed>) = 5 [pid 6300] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6300] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] <... futex resumed>) = 0 [pid 6300] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6299] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6300] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6299] <... futex resumed>) = 0 [pid 6300] <... mmap resumed>) = 0x20000000 [pid 6299] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6299] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6299] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6300] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6300] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6299] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6301]}, 88) = 6301 [pid 6299] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6301 attached [pid 6301] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6301] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6301] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6299] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6301] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6299] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6301] <... futex resumed>) = 0 [pid 6299] <... futex resumed>) = 1 [pid 6301] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6299] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6300] <... futex resumed>) = ? [pid 6299] <... futex resumed>) = ? [pid 6301] +++ killed by SIGBUS +++ [pid 6300] +++ killed by SIGBUS +++ [pid 6299] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6299, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./422", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./422/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 120.633991][ T6300] loop0: detected capacity change from 0 to 2048 [ 120.644834][ T6300] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./422/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./422/binderfs") = 0 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./422/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./422/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./422/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./422/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./422") = 0 mkdir("./423", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6302 ./strace-static-x86_64: Process 6302 attached [pid 6302] set_robust_list(0x5555562186a0, 24) = 0 [pid 6302] chdir("./423") = 0 [pid 6302] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6302] setpgid(0, 0) = 0 [pid 6302] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6302] write(3, "1000", 4) = 4 [pid 6302] close(3) = 0 [pid 6302] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6302] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6302] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6302] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6303 attached [pid 6303] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6303] set_robust_list(0x7f3dc90769a0, 24 [pid 6302] <... clone3 resumed> => {parent_tid=[6303]}, 88) = 6303 [pid 6303] <... set_robust_list resumed>) = 0 [pid 6302] rt_sigprocmask(SIG_SETMASK, [], [pid 6303] rt_sigprocmask(SIG_SETMASK, [], [pid 6302] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6303] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6302] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6303] memfd_create("syzkaller", 0 [pid 6302] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6303] <... memfd_create resumed>) = 3 [pid 6303] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6303] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6303] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6303] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6303] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6303] close(3) = 0 [pid 6303] mkdir("./file0", 0777) = 0 [pid 6303] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6303] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6303] chdir("./file0") = 0 [pid 6303] ioctl(4, LOOP_CLR_FD) = 0 [pid 6303] close(4) = 0 [pid 6303] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6302] <... futex resumed>) = 0 [pid 6303] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6302] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6302] <... futex resumed>) = 0 [pid 6303] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6302] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] <... open resumed>) = 4 [pid 6303] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6302] <... futex resumed>) = 0 [pid 6302] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6303] <... futex resumed>) = 1 [pid 6303] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6303] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6302] <... futex resumed>) = 0 [pid 6302] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... futex resumed>) = 1 [pid 6302] <... futex resumed>) = 0 [pid 6303] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6302] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6303] <... mmap resumed>) = 0x20000000 [pid 6302] <... futex resumed>) = 0 [pid 6302] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6303] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6303] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6302] <... mprotect resumed>) = 0 [pid 6302] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6302] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6304]}, 88) = 6304 [pid 6302] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6302] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6302] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6304 attached [pid 6304] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6304] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6304] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6304] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6304] +++ killed by SIGBUS +++ [pid 6303] <... futex resumed>) = ? [pid 6302] <... futex resumed>) = ? [pid 6303] +++ killed by SIGBUS +++ [pid 6302] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6302, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./423", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./423/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./423/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./423/binderfs") = 0 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 120.747849][ T6303] loop0: detected capacity change from 0 to 2048 [ 120.769988][ T6303] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./423/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./423/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./423/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./423/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./423") = 0 mkdir("./424", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6305 attached , child_tidptr=0x555556218690) = 6305 [pid 6305] set_robust_list(0x5555562186a0, 24) = 0 [pid 6305] chdir("./424") = 0 [pid 6305] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6305] setpgid(0, 0) = 0 [pid 6305] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6305] write(3, "1000", 4) = 4 [pid 6305] close(3) = 0 [pid 6305] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6305] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6305] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6305] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6305] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6306]}, 88) = 6306 [pid 6305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6305] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6306 attached [pid 6306] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6306] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6306] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6306] memfd_create("syzkaller", 0) = 3 [pid 6306] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6306] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6306] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6306] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6306] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6306] close(3) = 0 [pid 6306] mkdir("./file0", 0777) = 0 [pid 6306] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6306] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6306] chdir("./file0") = 0 [pid 6306] ioctl(4, LOOP_CLR_FD) = 0 [pid 6306] close(4) = 0 [pid 6306] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6306] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] <... futex resumed>) = 0 [pid 6306] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6305] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... open resumed>) = 4 [pid 6306] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6305] <... futex resumed>) = 0 [pid 6306] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6306] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6305] <... futex resumed>) = 0 [pid 6306] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6305] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6306] <... open resumed>) = 5 [pid 6306] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6305] <... futex resumed>) = 0 [pid 6306] <... futex resumed>) = 1 [pid 6305] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6305] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6305] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6305] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6306] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6305] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6305] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6306] <... mmap resumed>) = 0x20000000 [pid 6306] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6306] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6307 attached [pid 6307] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6305] <... clone3 resumed> => {parent_tid=[6307]}, 88) = 6307 [pid 6305] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6307] <... rseq resumed>) = 0 [pid 6307] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6307] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6307] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6305] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6307] <... futex resumed>) = 0 [pid 6305] <... futex resumed>) = 1 [pid 6307] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6305] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6307] +++ killed by SIGBUS +++ [pid 6306] <... futex resumed>) = ? [pid 6306] +++ killed by SIGBUS +++ [pid 6305] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6305, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./424", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./424/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./424/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 120.861741][ T6306] loop0: detected capacity change from 0 to 2048 [ 120.874714][ T6306] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./424/binderfs") = 0 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./424/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./424/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./424/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./424/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./424") = 0 mkdir("./425", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6308 attached [pid 6308] set_robust_list(0x5555562186a0, 24) = 0 [pid 6308] chdir("./425") = 0 [pid 6308] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6308] setpgid(0, 0) = 0 [pid 6308] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6308] write(3, "1000", 4) = 4 [pid 6308] close(3) = 0 [pid 6308] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6308] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6308] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6308] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6309 attached => {parent_tid=[6309]}, 88) = 6309 [pid 6309] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6308] rt_sigprocmask(SIG_SETMASK, [], [pid 6309] <... rseq resumed>) = 0 [pid 6309] set_robust_list(0x7f3dc90769a0, 24 [pid 6308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6309] <... set_robust_list resumed>) = 0 [pid 6308] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] rt_sigprocmask(SIG_SETMASK, [], [pid 6308] <... futex resumed>) = 0 [pid 6309] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6308] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6309] memfd_create("syzkaller", 0) = 3 [pid 6309] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6308 [pid 6309] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6309] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6309] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6309] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6309] close(3) = 0 [pid 6309] mkdir("./file0", 0777) = 0 [pid 6309] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6309] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6309] chdir("./file0") = 0 [pid 6309] ioctl(4, LOOP_CLR_FD) = 0 [pid 6309] close(4) = 0 [pid 6309] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6309] <... futex resumed>) = 1 [pid 6308] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] <... open resumed>) = 4 [pid 6309] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = 0 [pid 6309] <... futex resumed>) = 1 [pid 6308] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6308] <... futex resumed>) = 0 [pid 6308] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6309] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6308] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6308] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6309] <... futex resumed>) = 0 [pid 6308] <... futex resumed>) = 0 [pid 6309] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6308] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6309] <... mmap resumed>) = 0x20000000 [pid 6308] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6309] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6308] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6309] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] <... mprotect resumed>) = 0 [pid 6308] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6308] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6310]}, 88) = 6310 ./strace-static-x86_64: Process 6310 attached [pid 6308] rt_sigprocmask(SIG_SETMASK, [], [pid 6310] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6310] set_robust_list(0x7f3dc0d559a0, 24 [pid 6308] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6310] <... set_robust_list resumed>) = 0 [pid 6310] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6310] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6308] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6310] <... futex resumed>) = 0 [pid 6308] <... futex resumed>) = 1 [pid 6310] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6309] <... futex resumed>) = ? [pid 6309] +++ killed by SIGBUS +++ [pid 6310] +++ killed by SIGBUS +++ [pid 6308] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6308, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./425", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./425/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./425/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./425/binderfs") = 0 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./425/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./425/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./425/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./425/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./425") = 0 mkdir("./426", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6311 attached [ 120.974752][ T6309] loop0: detected capacity change from 0 to 2048 [ 120.987732][ T6309] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) , child_tidptr=0x555556218690) = 6311 [pid 6311] set_robust_list(0x5555562186a0, 24) = 0 [pid 6311] chdir("./426") = 0 [pid 6311] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6311] setpgid(0, 0) = 0 [pid 6311] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6311] write(3, "1000", 4) = 4 [pid 6311] close(3) = 0 [pid 6311] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6311] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6311] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6311] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6312]}, 88) = 6312 [pid 6311] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6311] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6312 attached [pid 6312] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6312] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6312] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6312] memfd_create("syzkaller", 0) = 3 [pid 6312] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6312] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6312] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6312] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6312] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6312] close(3) = 0 [pid 6312] mkdir("./file0", 0777) = 0 [pid 6312] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6312] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6312] chdir("./file0") = 0 [pid 6312] ioctl(4, LOOP_CLR_FD) = 0 [pid 6312] close(4) = 0 [pid 6312] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6311] <... futex resumed>) = 0 [pid 6311] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6312] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6311] <... futex resumed>) = 0 [pid 6311] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6312] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6311] <... futex resumed>) = 0 [pid 6311] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6312] <... open resumed>) = 5 [pid 6312] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6311] <... futex resumed>) = 0 [pid 6311] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6311] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6311] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6311] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6311] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6313]}, 88) = 6313 ./strace-static-x86_64: Process 6313 attached [pid 6311] rt_sigprocmask(SIG_SETMASK, [], [pid 6313] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6311] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6313] <... rseq resumed>) = 0 [pid 6311] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6313] set_robust_list(0x7f3dc0d559a0, 24 [pid 6311] <... futex resumed>) = 0 [pid 6311] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6313] <... set_robust_list resumed>) = 0 [pid 6312] <... futex resumed>) = 1 [pid 6312] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6313] rt_sigprocmask(SIG_SETMASK, [], [pid 6312] <... mmap resumed>) = 0x20000000 [pid 6312] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6312] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6313] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6313] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6312] <... futex resumed>) = ? [pid 6312] +++ killed by SIGBUS +++ [pid 6311] <... futex resumed>) = ? [pid 6313] +++ killed by SIGBUS +++ [pid 6311] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6311, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./426", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./426/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./426/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./426/binderfs") = 0 umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 121.074432][ T6312] loop0: detected capacity change from 0 to 2048 [ 121.089243][ T6312] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./426/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./426/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./426/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./426/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./426") = 0 mkdir("./427", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6314 ./strace-static-x86_64: Process 6314 attached [pid 6314] set_robust_list(0x5555562186a0, 24) = 0 [pid 6314] chdir("./427") = 0 [pid 6314] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6314] setpgid(0, 0) = 0 [pid 6314] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6314] write(3, "1000", 4) = 4 [pid 6314] close(3) = 0 [pid 6314] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6314] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6314] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6314] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6315 attached => {parent_tid=[6315]}, 88) = 6315 [pid 6314] rt_sigprocmask(SIG_SETMASK, [], [pid 6315] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6314] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6315] <... rseq resumed>) = 0 [pid 6314] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6314] <... futex resumed>) = 0 [pid 6315] rt_sigprocmask(SIG_SETMASK, [], [pid 6314] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6315] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6315] memfd_create("syzkaller", 0) = 3 [pid 6315] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6315] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6315] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6315] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6315] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6315] close(3) = 0 [pid 6315] mkdir("./file0", 0777) = 0 [pid 6315] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6315] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6315] chdir("./file0") = 0 [pid 6315] ioctl(4, LOOP_CLR_FD) = 0 [pid 6315] close(4) = 0 [pid 6315] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = 1 [pid 6314] <... futex resumed>) = 0 [pid 6315] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6314] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... open resumed>) = 4 [pid 6315] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] <... futex resumed>) = 0 [pid 6315] <... futex resumed>) = 1 [pid 6315] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6314] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] <... open resumed>) = 5 [pid 6315] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6314] <... futex resumed>) = 0 [pid 6314] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6315] <... futex resumed>) = 1 [pid 6314] <... futex resumed>) = 0 [pid 6314] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6315] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6314] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6315] <... mmap resumed>) = 0x20000000 [pid 6314] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6314] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6314] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6316 attached => {parent_tid=[6316]}, 88) = 6316 [pid 6314] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6314] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6314] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6315] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6315] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6316] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6316] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6316] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6316] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6315] <... futex resumed>) = ? [pid 6315] +++ killed by SIGBUS +++ [pid 6314] <... futex resumed>) = ? [pid 6316] +++ killed by SIGBUS +++ [pid 6314] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6314, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./427", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./427/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./427/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./427/binderfs") = 0 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./427/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./427/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./427/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./427/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./427") = 0 [ 121.178538][ T6315] loop0: detected capacity change from 0 to 2048 [ 121.189977][ T6315] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./428", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6317 attached , child_tidptr=0x555556218690) = 6317 [pid 6317] set_robust_list(0x5555562186a0, 24) = 0 [pid 6317] chdir("./428") = 0 [pid 6317] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6317] setpgid(0, 0) = 0 [pid 6317] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6317] write(3, "1000", 4) = 4 [pid 6317] close(3) = 0 [pid 6317] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6317] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6317] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6317] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6318]}, 88) = 6318 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6317] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6317] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6318 attached [pid 6318] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6318] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6318] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6318] memfd_create("syzkaller", 0) = 3 [pid 6318] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6318] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6318] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6318] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6318] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6318] close(3) = 0 [pid 6318] mkdir("./file0", 0777) = 0 [pid 6318] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6318] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6318] chdir("./file0") = 0 [pid 6318] ioctl(4, LOOP_CLR_FD) = 0 [pid 6318] close(4) = 0 [pid 6318] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] <... open resumed>) = 4 [pid 6318] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] <... futex resumed>) = 0 [pid 6317] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6318] <... futex resumed>) = 0 [pid 6317] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6318] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6318] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6317] <... futex resumed>) = 0 [pid 6318] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6318] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6317] <... futex resumed>) = 0 [pid 6318] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6317] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6318] <... mmap resumed>) = 0x20000000 [pid 6317] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6318] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6317] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6318] <... futex resumed>) = 0 [pid 6317] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6318] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6317] <... mprotect resumed>) = 0 [pid 6317] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6317] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6319 attached => {parent_tid=[6319]}, 88) = 6319 [pid 6319] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6317] rt_sigprocmask(SIG_SETMASK, [], [pid 6319] <... rseq resumed>) = 0 [pid 6317] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6319] set_robust_list(0x7f3dc0d559a0, 24 [pid 6317] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6319] <... set_robust_list resumed>) = 0 [pid 6317] <... futex resumed>) = 0 [pid 6319] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6317] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6319] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6317] <... futex resumed>) = ? [pid 6319] +++ killed by SIGBUS +++ [pid 6318] <... futex resumed>) = ? [pid 6318] +++ killed by SIGBUS +++ [pid 6317] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6317, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./428", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./428/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./428/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./428/binderfs") = 0 umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./428/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./428/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./428/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./428/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./428") = 0 [ 121.281045][ T6318] loop0: detected capacity change from 0 to 2048 [ 121.294425][ T6318] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./429", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6320 attached , child_tidptr=0x555556218690) = 6320 [pid 6320] set_robust_list(0x5555562186a0, 24) = 0 [pid 6320] chdir("./429") = 0 [pid 6320] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6320] setpgid(0, 0) = 0 [pid 6320] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6320] write(3, "1000", 4) = 4 [pid 6320] close(3) = 0 [pid 6320] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6320] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6320] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6320] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6320] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6320] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6320] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6321 attached [pid 6321] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6320] <... clone3 resumed> => {parent_tid=[6321]}, 88) = 6321 [pid 6321] set_robust_list(0x7f3dc90769a0, 24 [pid 6320] rt_sigprocmask(SIG_SETMASK, [], [pid 6321] <... set_robust_list resumed>) = 0 [pid 6320] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6321] rt_sigprocmask(SIG_SETMASK, [], [pid 6320] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6321] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6320] <... futex resumed>) = 0 [pid 6321] memfd_create("syzkaller", 0 [pid 6320] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6321] <... memfd_create resumed>) = 3 [pid 6321] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6321] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6321] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6321] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6321] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6321] close(3) = 0 [pid 6321] mkdir("./file0", 0777) = 0 [pid 6321] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6321] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6321] chdir("./file0") = 0 [pid 6321] ioctl(4, LOOP_CLR_FD) = 0 [pid 6321] close(4) = 0 [pid 6321] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6320] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6321] <... futex resumed>) = 1 [pid 6321] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6321] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] <... futex resumed>) = 0 [pid 6320] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6321] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6321] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6321] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6320] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6320] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6321] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6320] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6321] <... futex resumed>) = 0 [pid 6321] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6321] +++ killed by SIGBUS +++ [pid 6320] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6320, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./429", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./429/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./429/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./429/binderfs") = 0 umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 121.370695][ T6321] loop0: detected capacity change from 0 to 2048 [ 121.383059][ T6321] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./429/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./429/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./429/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./429/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./429") = 0 mkdir("./430", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6322 attached , child_tidptr=0x555556218690) = 6322 [pid 6322] set_robust_list(0x5555562186a0, 24) = 0 [pid 6322] chdir("./430") = 0 [pid 6322] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6322] setpgid(0, 0) = 0 [pid 6322] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6322] write(3, "1000", 4) = 4 [pid 6322] close(3) = 0 [pid 6322] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6322] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6322] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6322] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6322] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6323 attached => {parent_tid=[6323]}, 88) = 6323 [pid 6322] rt_sigprocmask(SIG_SETMASK, [], [pid 6323] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6323] set_robust_list(0x7f3dc90769a0, 24 [pid 6322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6323] <... set_robust_list resumed>) = 0 [pid 6323] rt_sigprocmask(SIG_SETMASK, [], [pid 6322] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6322] <... futex resumed>) = 0 [pid 6323] memfd_create("syzkaller", 0 [pid 6322] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6323] <... memfd_create resumed>) = 3 [pid 6323] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6323] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6323] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6323] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6323] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6323] close(3) = 0 [pid 6323] mkdir("./file0", 0777) = 0 [pid 6323] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6323] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6323] chdir("./file0") = 0 [pid 6323] ioctl(4, LOOP_CLR_FD) = 0 [pid 6323] close(4) = 0 [pid 6323] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6322] <... futex resumed>) = 0 [pid 6323] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6322] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6322] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... open resumed>) = 4 [pid 6323] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6323] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6322] <... futex resumed>) = 0 [pid 6322] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] <... futex resumed>) = 0 [pid 6322] <... futex resumed>) = 1 [pid 6323] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6322] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6323] <... open resumed>) = 5 [pid 6323] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6322] <... futex resumed>) = 0 [pid 6322] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6323] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6322] <... futex resumed>) = 0 [pid 6323] <... mmap resumed>) = 0x20000000 [pid 6322] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6322] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6323] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6322] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6323] <... futex resumed>) = 0 [pid 6322] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6323] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6322] <... mprotect resumed>) = 0 [pid 6322] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6322] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6324 attached [pid 6324] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6322] <... clone3 resumed> => {parent_tid=[6324]}, 88) = 6324 [pid 6324] <... rseq resumed>) = 0 [pid 6322] rt_sigprocmask(SIG_SETMASK, [], [pid 6324] set_robust_list(0x7f3dc0d559a0, 24 [pid 6322] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6324] <... set_robust_list resumed>) = 0 [pid 6322] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6324] rt_sigprocmask(SIG_SETMASK, [], [pid 6322] <... futex resumed>) = 0 [pid 6324] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6322] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6324] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6323] <... futex resumed>) = ? [pid 6322] <... futex resumed>) = ? [pid 6324] +++ killed by SIGBUS +++ [pid 6323] +++ killed by SIGBUS +++ [pid 6322] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6322, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./430", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./430/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./430/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./430/binderfs") = 0 [ 121.491398][ T6323] loop0: detected capacity change from 0 to 2048 [ 121.502825][ T6323] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./430/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./430/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./430/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./430/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./430") = 0 mkdir("./431", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6325 attached [pid 6325] set_robust_list(0x5555562186a0, 24) = 0 [pid 6325] chdir("./431") = 0 [pid 6325] prctl(PR_SET_PDEATHSIG, SIGKILL [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6325 [pid 6325] <... prctl resumed>) = 0 [pid 6325] setpgid(0, 0) = 0 [pid 6325] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6325] write(3, "1000", 4) = 4 [pid 6325] close(3) = 0 [pid 6325] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6325] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6325] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6325] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6326 attached => {parent_tid=[6326]}, 88) = 6326 [pid 6326] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6326] set_robust_list(0x7f3dc90769a0, 24 [pid 6325] rt_sigprocmask(SIG_SETMASK, [], [pid 6326] <... set_robust_list resumed>) = 0 [pid 6325] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6326] rt_sigprocmask(SIG_SETMASK, [], [pid 6325] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6325] <... futex resumed>) = 0 [pid 6326] memfd_create("syzkaller", 0 [pid 6325] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6326] <... memfd_create resumed>) = 3 [pid 6326] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6326] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6326] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6326] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6326] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6326] close(3) = 0 [pid 6326] mkdir("./file0", 0777) = 0 [pid 6326] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6326] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6326] chdir("./file0") = 0 [pid 6326] ioctl(4, LOOP_CLR_FD) = 0 [pid 6326] close(4) = 0 [pid 6326] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6325] <... futex resumed>) = 0 [pid 6325] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6326] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6325] <... futex resumed>) = 0 [pid 6325] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] <... open resumed>) = 4 [pid 6326] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... futex resumed>) = 0 [pid 6325] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] <... futex resumed>) = 1 [pid 6326] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6326] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6325] <... futex resumed>) = 0 [pid 6325] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6325] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6326] <... futex resumed>) = 1 [pid 6325] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6326] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0x7f3dc0d35000 [pid 6325] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6325] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6325] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6326] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6327 attached ) = 0 [pid 6327] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6326] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6325] <... clone3 resumed> => {parent_tid=[6327]}, 88) = 6327 [pid 6325] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6325] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6327] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6327] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6327] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6325] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6326] <... futex resumed>) = ? [pid 6327] +++ killed by SIGBUS +++ [pid 6326] +++ killed by SIGBUS +++ [pid 6325] <... futex resumed>) = ? [pid 6325] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6325, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./431", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./431/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./431/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./431/binderfs") = 0 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./431/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./431/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./431/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./431/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./431") = 0 mkdir("./432", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6328 attached , child_tidptr=0x555556218690) = 6328 [pid 6328] set_robust_list(0x5555562186a0, 24) = 0 [pid 6328] chdir("./432") = 0 [pid 6328] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6328] setpgid(0, 0) = 0 [pid 6328] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6328] write(3, "1000", 4) = 4 [pid 6328] close(3) = 0 [pid 6328] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6328] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6328] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6328] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6328] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6328] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6329 attached [pid 6329] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6328] <... clone3 resumed> => {parent_tid=[6329]}, 88) = 6329 [pid 6329] <... rseq resumed>) = 0 [pid 6328] rt_sigprocmask(SIG_SETMASK, [], [pid 6329] set_robust_list(0x7f3dc90769a0, 24 [pid 6328] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6329] <... set_robust_list resumed>) = 0 [pid 6328] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6329] memfd_create("syzkaller", 0) = 3 [pid 6329] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [ 121.594275][ T6326] loop0: detected capacity change from 0 to 2048 [ 121.605090][ T6326] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6329] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6329] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6329] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6329] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6329] close(3) = 0 [pid 6329] mkdir("./file0", 0777) = 0 [pid 6329] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6329] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6329] chdir("./file0") = 0 [pid 6329] ioctl(4, LOOP_CLR_FD) = 0 [pid 6329] close(4) = 0 [pid 6329] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6329] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6329] <... futex resumed>) = 0 [pid 6329] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6328] <... futex resumed>) = 1 [pid 6328] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] <... open resumed>) = 4 [pid 6329] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6329] <... futex resumed>) = 1 [pid 6329] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6329] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6328] <... futex resumed>) = 0 [pid 6328] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6328] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6329] <... futex resumed>) = 1 [pid 6328] <... mprotect resumed>) = 0 [pid 6329] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< {parent_tid=[6330]}, 88) = 6330 [pid 6329] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6329] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6328] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6328] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6328] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6330] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6330] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6330] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6330] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6329] <... futex resumed>) = ? [pid 6330] +++ killed by SIGBUS +++ [pid 6329] +++ killed by SIGBUS +++ [pid 6328] <... futex resumed>) = ? [pid 6328] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6328, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./432", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./432/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./432/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./432/binderfs") = 0 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./432/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./432/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./432/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./432/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./432") = 0 mkdir("./433", 0777) = 0 [ 121.673118][ T6329] loop0: detected capacity change from 0 to 2048 [ 121.690702][ T6329] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6331 ./strace-static-x86_64: Process 6331 attached [pid 6331] set_robust_list(0x5555562186a0, 24) = 0 [pid 6331] chdir("./433") = 0 [pid 6331] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6331] setpgid(0, 0) = 0 [pid 6331] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6331] write(3, "1000", 4) = 4 [pid 6331] close(3) = 0 [pid 6331] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6331] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6331] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6331] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6332 attached => {parent_tid=[6332]}, 88) = 6332 [pid 6332] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], [pid 6332] <... rseq resumed>) = 0 [pid 6331] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6331] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] rt_sigprocmask(SIG_SETMASK, [], [pid 6331] <... futex resumed>) = 0 [pid 6332] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6332] memfd_create("syzkaller", 0 [pid 6331] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6332] <... memfd_create resumed>) = 3 [pid 6332] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6332] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6332] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6332] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6332] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6332] close(3) = 0 [pid 6332] mkdir("./file0", 0777) = 0 [pid 6332] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6332] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6332] chdir("./file0") = 0 [pid 6332] ioctl(4, LOOP_CLR_FD) = 0 [pid 6332] close(4) = 0 [pid 6332] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] <... futex resumed>) = 0 [pid 6332] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... futex resumed>) = 0 [pid 6331] <... futex resumed>) = 1 [pid 6332] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6331] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6332] <... open resumed>) = 4 [pid 6332] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] <... futex resumed>) = 0 [pid 6332] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6331] <... futex resumed>) = 0 [pid 6332] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6331] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6332] <... open resumed>) = 5 [pid 6332] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6331] <... futex resumed>) = 0 [pid 6332] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6331] <... futex resumed>) = 0 [pid 6332] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6331] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6332] <... mmap resumed>) = 0x20000000 [pid 6331] <... futex resumed>) = 0 [pid 6331] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6332] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6331] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6331] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6332] <... futex resumed>) = 0 [pid 6332] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6331] <... mprotect resumed>) = 0 [pid 6331] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6331] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6333]}, 88) = 6333 [pid 6331] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6331] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6331] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6333 attached [pid 6333] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6333] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6333] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6333] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6331] <... futex resumed>) = ? [pid 6332] <... futex resumed>) = ? [pid 6333] +++ killed by SIGBUS +++ [pid 6332] +++ killed by SIGBUS +++ [pid 6331] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6331, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./433", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./433/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./433/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./433/binderfs") = 0 [ 121.789333][ T6332] loop0: detected capacity change from 0 to 2048 [ 121.800789][ T6332] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./433/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./433/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./433/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./433/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./433") = 0 mkdir("./434", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6334 attached , child_tidptr=0x555556218690) = 6334 [pid 6334] set_robust_list(0x5555562186a0, 24) = 0 [pid 6334] chdir("./434") = 0 [pid 6334] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6334] setpgid(0, 0) = 0 [pid 6334] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6334] write(3, "1000", 4) = 4 [pid 6334] close(3) = 0 [pid 6334] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6334] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6334] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6334] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6335]}, 88) = 6335 ./strace-static-x86_64: Process 6335 attached [pid 6334] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6334] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6334] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6335] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6335] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6335] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6335] memfd_create("syzkaller", 0) = 3 [pid 6335] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6335] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6335] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6335] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6335] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6335] close(3) = 0 [pid 6335] mkdir("./file0", 0777) = 0 [pid 6335] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6335] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6335] chdir("./file0") = 0 [pid 6335] ioctl(4, LOOP_CLR_FD) = 0 [pid 6335] close(4) = 0 [pid 6335] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6335] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6334] <... futex resumed>) = 0 [pid 6335] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6334] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6335] <... open resumed>) = 4 [pid 6335] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 0 [pid 6334] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6335] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6334] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6335] <... open resumed>) = 5 [pid 6335] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6334] <... futex resumed>) = 0 [pid 6334] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] <... futex resumed>) = 1 [pid 6334] <... futex resumed>) = 0 [pid 6334] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6335] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6334] <... futex resumed>) = 0 [pid 6334] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6335] <... mmap resumed>) = 0x20000000 [pid 6334] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6334] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6335] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6335] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6334] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6334] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6336]}, 88) = 6336 [pid 6334] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6336 attached [pid 6336] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6336] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6334] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6336] rt_sigprocmask(SIG_SETMASK, [], [pid 6334] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6336] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6334] <... futex resumed>) = 0 [pid 6334] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6336] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6335] <... futex resumed>) = ? [pid 6334] <... futex resumed>) = ? [pid 6336] +++ killed by SIGBUS +++ [pid 6335] +++ killed by SIGBUS +++ [pid 6334] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6334, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./434", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./434/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./434/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./434/binderfs") = 0 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./434/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./434/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./434/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 [ 121.904549][ T6335] loop0: detected capacity change from 0 to 2048 [ 121.916612][ T6335] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./434/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./434") = 0 mkdir("./435", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6337 attached , child_tidptr=0x555556218690) = 6337 [pid 6337] set_robust_list(0x5555562186a0, 24) = 0 [pid 6337] chdir("./435") = 0 [pid 6337] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6337] setpgid(0, 0) = 0 [pid 6337] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6337] write(3, "1000", 4) = 4 [pid 6337] close(3) = 0 [pid 6337] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6337] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6337] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6337] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6337] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6338 attached [pid 6338] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6337] <... clone3 resumed> => {parent_tid=[6338]}, 88) = 6338 [pid 6338] <... rseq resumed>) = 0 [pid 6337] rt_sigprocmask(SIG_SETMASK, [], [pid 6338] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6337] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6338] rt_sigprocmask(SIG_SETMASK, [], [pid 6337] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6337] <... futex resumed>) = 0 [pid 6338] memfd_create("syzkaller", 0 [pid 6337] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6338] <... memfd_create resumed>) = 3 [pid 6338] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6338] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6338] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6338] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6338] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6338] close(3) = 0 [pid 6338] mkdir("./file0", 0777) = 0 [pid 6338] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6338] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6338] chdir("./file0") = 0 [pid 6338] ioctl(4, LOOP_CLR_FD) = 0 [pid 6338] close(4) = 0 [pid 6338] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6338] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6337] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] <... futex resumed>) = 0 [pid 6338] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6337] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6338] <... open resumed>) = 4 [pid 6338] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6338] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6337] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] <... futex resumed>) = 0 [pid 6338] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6337] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6338] <... open resumed>) = 5 [pid 6338] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6337] <... futex resumed>) = 0 [pid 6338] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6337] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6338] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6337] <... futex resumed>) = 0 [pid 6338] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6337] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6337] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6338] <... mmap resumed>) = 0x20000000 [pid 6337] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6337] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6337] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6339 attached => {parent_tid=[6339]}, 88) = 6339 [pid 6337] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6339] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6337] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6339] <... rseq resumed>) = 0 [pid 6337] <... futex resumed>) = 0 [pid 6339] set_robust_list(0x7f3dc0d559a0, 24 [pid 6337] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6339] <... set_robust_list resumed>) = 0 [pid 6338] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6338] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6339] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6339] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6338] <... futex resumed>) = ? [pid 6338] +++ killed by SIGBUS +++ [pid 6337] <... futex resumed>) = ? [pid 6339] +++ killed by SIGBUS +++ [pid 6337] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6337, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./435", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./435/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 122.008293][ T6338] loop0: detected capacity change from 0 to 2048 [ 122.022590][ T6338] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./435/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./435/binderfs") = 0 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./435/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./435/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./435/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./435/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./435") = 0 mkdir("./436", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6340 ./strace-static-x86_64: Process 6340 attached [pid 6340] set_robust_list(0x5555562186a0, 24) = 0 [pid 6340] chdir("./436") = 0 [pid 6340] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6340] setpgid(0, 0) = 0 [pid 6340] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6340] write(3, "1000", 4) = 4 [pid 6340] close(3) = 0 [pid 6340] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6340] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6340] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6340] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6340] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6341 attached => {parent_tid=[6341]}, 88) = 6341 [pid 6341] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6341] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6341] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6340] rt_sigprocmask(SIG_SETMASK, [], [pid 6341] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6340] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = 0 [pid 6340] <... futex resumed>) = 1 [pid 6341] memfd_create("syzkaller", 0 [pid 6340] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6341] <... memfd_create resumed>) = 3 [pid 6341] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6341] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6341] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6341] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6341] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6341] close(3) = 0 [pid 6341] mkdir("./file0", 0777) = 0 [pid 6341] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6341] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6341] chdir("./file0") = 0 [pid 6341] ioctl(4, LOOP_CLR_FD) = 0 [pid 6341] close(4) = 0 [pid 6341] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6341] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6340] <... futex resumed>) = 0 [pid 6340] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... futex resumed>) = 0 [pid 6340] <... futex resumed>) = 1 [pid 6341] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6340] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6341] <... open resumed>) = 4 [pid 6341] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6340] <... futex resumed>) = 0 [pid 6341] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6340] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] <... open resumed>) = 5 [pid 6340] <... futex resumed>) = 0 [pid 6341] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6340] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6341] <... futex resumed>) = 0 [pid 6340] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6341] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6340] <... futex resumed>) = 0 [pid 6341] <... mmap resumed>) = 0x20000000 [pid 6340] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6340] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6341] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6341] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6340] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6340] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6340] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6340] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6342 attached [pid 6342] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6340] <... clone3 resumed> => {parent_tid=[6342]}, 88) = 6342 [pid 6342] <... rseq resumed>) = 0 [pid 6340] rt_sigprocmask(SIG_SETMASK, [], [pid 6342] set_robust_list(0x7f3dc0d559a0, 24 [pid 6340] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6342] <... set_robust_list resumed>) = 0 [pid 6340] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6342] rt_sigprocmask(SIG_SETMASK, [], [pid 6340] <... futex resumed>) = 0 [pid 6342] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6340] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6342] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6341] <... futex resumed>) = ? [pid 6340] <... futex resumed>) = ? [pid 6342] +++ killed by SIGBUS +++ [pid 6341] +++ killed by SIGBUS +++ [pid 6340] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6340, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./436", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./436/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./436/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./436/binderfs") = 0 [ 122.143764][ T6341] loop0: detected capacity change from 0 to 2048 [ 122.155887][ T6341] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./436/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./436/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./436/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./436/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./436") = 0 mkdir("./437", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6343 attached , child_tidptr=0x555556218690) = 6343 [pid 6343] set_robust_list(0x5555562186a0, 24) = 0 [pid 6343] chdir("./437") = 0 [pid 6343] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6343] setpgid(0, 0) = 0 [pid 6343] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6343] write(3, "1000", 4) = 4 [pid 6343] close(3) = 0 [pid 6343] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6343] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6343] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6343] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6344 attached => {parent_tid=[6344]}, 88) = 6344 [pid 6344] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6343] rt_sigprocmask(SIG_SETMASK, [], [pid 6344] set_robust_list(0x7f3dc90769a0, 24 [pid 6343] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6344] <... set_robust_list resumed>) = 0 [pid 6343] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] rt_sigprocmask(SIG_SETMASK, [], [pid 6343] <... futex resumed>) = 0 [pid 6344] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6343] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6344] memfd_create("syzkaller", 0) = 3 [pid 6344] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6344] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6344] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6344] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6344] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6344] close(3) = 0 [pid 6344] mkdir("./file0", 0777) = 0 [pid 6344] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6344] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6344] chdir("./file0") = 0 [pid 6344] ioctl(4, LOOP_CLR_FD) = 0 [pid 6344] close(4) = 0 [pid 6344] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = 0 [pid 6343] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6343] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6344] <... futex resumed>) = 1 [pid 6344] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6344] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = 0 [pid 6344] <... futex resumed>) = 1 [pid 6343] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6343] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6344] <... open resumed>) = 5 [pid 6344] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... futex resumed>) = 0 [pid 6343] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6344] <... futex resumed>) = 1 [pid 6343] <... futex resumed>) = 0 [pid 6344] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6343] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6344] <... mmap resumed>) = 0x20000000 [pid 6343] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6343] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6344] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6343] <... mprotect resumed>) = 0 [pid 6344] <... futex resumed>) = 0 [pid 6344] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6343] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6343] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6345 attached => {parent_tid=[6345]}, 88) = 6345 [pid 6343] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6345] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6343] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6345] <... rseq resumed>) = 0 [pid 6345] set_robust_list(0x7f3dc0d559a0, 24 [pid 6343] <... futex resumed>) = 0 [pid 6345] <... set_robust_list resumed>) = 0 [pid 6345] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6343] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6345] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6344] <... futex resumed>) = ? [pid 6343] <... futex resumed>) = ? [pid 6345] +++ killed by SIGBUS +++ [pid 6344] +++ killed by SIGBUS +++ [pid 6343] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6343, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./437", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./437/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./437/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./437/binderfs") = 0 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./437/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./437/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./437/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./437/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./437") = 0 [ 122.239323][ T6344] loop0: detected capacity change from 0 to 2048 [ 122.250016][ T6344] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./438", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6346 attached , child_tidptr=0x555556218690) = 6346 [pid 6346] set_robust_list(0x5555562186a0, 24) = 0 [pid 6346] chdir("./438") = 0 [pid 6346] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6346] setpgid(0, 0) = 0 [pid 6346] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6346] write(3, "1000", 4) = 4 [pid 6346] close(3) = 0 [pid 6346] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6346] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6346] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6346] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6347 attached => {parent_tid=[6347]}, 88) = 6347 [pid 6347] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], [pid 6347] <... rseq resumed>) = 0 [pid 6347] set_robust_list(0x7f3dc90769a0, 24 [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6347] <... set_robust_list resumed>) = 0 [pid 6346] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] rt_sigprocmask(SIG_SETMASK, [], [pid 6346] <... futex resumed>) = 0 [pid 6347] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6346] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6347] memfd_create("syzkaller", 0) = 3 [pid 6347] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6347] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6347] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6347] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6347] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6347] close(3) = 0 [pid 6347] mkdir("./file0", 0777) = 0 [ 122.317414][ T6347] __do_sys_memfd_create: 33 callbacks suppressed [ 122.317432][ T6347] syz-executor183[6347]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 122.355788][ T6347] loop0: detected capacity change from 0 to 2048 [pid 6347] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6347] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6347] chdir("./file0") = 0 [pid 6347] ioctl(4, LOOP_CLR_FD) = 0 [pid 6347] close(4) = 0 [pid 6347] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... futex resumed>) = 1 [pid 6347] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6347] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] <... futex resumed>) = 1 [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6347] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6346] <... futex resumed>) = 0 [pid 6347] <... futex resumed>) = 1 [pid 6346] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6347] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6346] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6346] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6347] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6346] <... mprotect resumed>) = 0 [pid 6347] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6346] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6346] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6348 attached [pid 6348] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6348] set_robust_list(0x7f3dc0d559a0, 24 [pid 6346] <... clone3 resumed> => {parent_tid=[6348]}, 88) = 6348 [pid 6348] <... set_robust_list resumed>) = 0 [pid 6346] rt_sigprocmask(SIG_SETMASK, [], [pid 6348] rt_sigprocmask(SIG_SETMASK, [], [pid 6346] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6348] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6346] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6348] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6346] <... futex resumed>) = 0 [pid 6346] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6347] <... futex resumed>) = ? [pid 6346] <... futex resumed>) = ? [pid 6348] +++ killed by SIGBUS +++ [pid 6347] +++ killed by SIGBUS +++ [pid 6346] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6346, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./438", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./438/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./438/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./438/binderfs") = 0 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./438/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./438/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./438/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./438/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./438") = 0 mkdir("./439", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 122.367894][ T6347] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6349 attached , child_tidptr=0x555556218690) = 6349 [pid 6349] set_robust_list(0x5555562186a0, 24) = 0 [pid 6349] chdir("./439") = 0 [pid 6349] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6349] setpgid(0, 0) = 0 [pid 6349] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6349] write(3, "1000", 4) = 4 [pid 6349] close(3) = 0 [pid 6349] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6349] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6349] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6349] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6350]}, 88) = 6350 ./strace-static-x86_64: Process 6350 attached [pid 6350] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6349] rt_sigprocmask(SIG_SETMASK, [], [pid 6350] <... rseq resumed>) = 0 [pid 6350] set_robust_list(0x7f3dc90769a0, 24 [pid 6349] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6350] <... set_robust_list resumed>) = 0 [pid 6349] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6350] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6349] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6350] memfd_create("syzkaller", 0) = 3 [pid 6350] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6350] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6350] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6350] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6350] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6350] close(3) = 0 [pid 6350] mkdir("./file0", 0777) = 0 [pid 6350] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6350] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6350] chdir("./file0") = 0 [pid 6350] ioctl(4, LOOP_CLR_FD) = 0 [pid 6350] close(4) = 0 [pid 6350] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6349] <... futex resumed>) = 0 [pid 6349] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6350] <... futex resumed>) = 0 [pid 6349] <... futex resumed>) = 1 [pid 6350] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6349] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6350] <... open resumed>) = 4 [pid 6350] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] <... futex resumed>) = 0 [pid 6350] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6349] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6350] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6349] <... futex resumed>) = 0 [pid 6350] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6349] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6350] <... open resumed>) = 5 [pid 6350] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = 0 [pid 6349] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6349] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6349] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6349] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6351]}, 88) = 6351 [pid 6349] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6349] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6351 attached [pid 6349] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6351] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6351] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6351] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6351] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6350] <... futex resumed>) = 1 [pid 6350] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6351] <... open resumed>) = 6 [pid 6350] <... mmap resumed>) = 0x20000000 [pid 6351] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6350] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = 0 [pid 6351] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6349] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = 0 [pid 6349] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=49000000} [pid 6350] <... futex resumed>) = 1 [pid 6350] write(6, 0x20000000, 34136651) = -1 EFAULT (Bad address) [pid 6350] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6349] <... futex resumed>) = 0 [pid 6349] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6349] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6350] <... futex resumed>) = 1 [pid 6350] ftruncate(4, 2) = 0 [pid 6350] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6349] <... futex resumed>) = 0 [pid 6349] exit_group(0 [pid 6350] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6351] <... futex resumed>) = ? [pid 6351] +++ exited with 0 +++ [pid 6350] <... futex resumed>) = ? [pid 6349] <... exit_group resumed>) = ? [pid 6350] +++ exited with 0 +++ [pid 6349] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6349, si_uid=0, si_status=0, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./439", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./439/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./439/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./439/binderfs") = 0 [ 122.437326][ T6350] syz-executor183[6350]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 122.460344][ T6350] loop0: detected capacity change from 0 to 2048 [ 122.471716][ T6350] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./439/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./439/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./439/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./439/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./439") = 0 mkdir("./440", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6352 attached , child_tidptr=0x555556218690) = 6352 [pid 6352] set_robust_list(0x5555562186a0, 24) = 0 [pid 6352] chdir("./440") = 0 [pid 6352] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6352] setpgid(0, 0) = 0 [pid 6352] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6352] write(3, "1000", 4) = 4 [pid 6352] close(3) = 0 [pid 6352] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6352] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6352] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6352] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6353]}, 88) = 6353 [pid 6352] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6352] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6353 attached ) = 0 [pid 6352] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6353] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6353] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6353] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6353] memfd_create("syzkaller", 0) = 3 [pid 6353] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6353] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6353] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6353] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6353] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6353] close(3) = 0 [pid 6353] mkdir("./file0", 0777) = 0 [pid 6353] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6353] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6353] chdir("./file0") = 0 [pid 6353] ioctl(4, LOOP_CLR_FD) = 0 [pid 6353] close(4) = 0 [pid 6353] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6353] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] <... futex resumed>) = 0 [pid 6352] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] <... futex resumed>) = 0 [pid 6352] <... futex resumed>) = 1 [pid 6353] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6352] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] <... open resumed>) = 4 [pid 6353] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = 0 [pid 6352] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] <... futex resumed>) = 1 [pid 6353] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6353] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6352] <... futex resumed>) = 0 [pid 6353] <... futex resumed>) = 1 [pid 6352] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6353] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6352] <... futex resumed>) = 0 [pid 6353] <... mmap resumed>) = 0x20000000 [pid 6352] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6353] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6352] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6353] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6352] <... mprotect resumed>) = 0 [pid 6352] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6352] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6354 attached => {parent_tid=[6354]}, 88) = 6354 [pid 6354] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6352] rt_sigprocmask(SIG_SETMASK, [], [pid 6354] set_robust_list(0x7f3dc0d559a0, 24 [pid 6352] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6354] <... set_robust_list resumed>) = 0 [pid 6352] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6354] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6352] <... futex resumed>) = 0 [pid 6354] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6352] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6353] <... futex resumed>) = ? [pid 6353] +++ killed by SIGBUS +++ [pid 6352] <... futex resumed>) = ? [pid 6354] +++ killed by SIGBUS +++ [pid 6352] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6352, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./440", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./440/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./440/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./440/binderfs") = 0 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./440/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./440/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./440/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./440/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 122.555822][ T6353] syz-executor183[6353]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 122.582395][ T6353] loop0: detected capacity change from 0 to 2048 [ 122.594797][ T6353] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./440") = 0 mkdir("./441", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6355 attached , child_tidptr=0x555556218690) = 6355 [pid 6355] set_robust_list(0x5555562186a0, 24) = 0 [pid 6355] chdir("./441") = 0 [pid 6355] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6355] setpgid(0, 0) = 0 [pid 6355] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6355] write(3, "1000", 4) = 4 [pid 6355] close(3) = 0 [pid 6355] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6355] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6355] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6355] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6355] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6356]}, 88) = 6356 [pid 6355] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6355] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6356 attached [pid 6356] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6356] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6356] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6356] memfd_create("syzkaller", 0) = 3 [pid 6356] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6356] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6356] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6356] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6356] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6356] close(3) = 0 [pid 6356] mkdir("./file0", 0777) = 0 [ 122.657324][ T6356] syz-executor183[6356]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 122.690917][ T6356] loop0: detected capacity change from 0 to 2048 [pid 6356] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6356] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6356] chdir("./file0") = 0 [pid 6356] ioctl(4, LOOP_CLR_FD) = 0 [pid 6356] close(4) = 0 [pid 6356] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6356] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] <... futex resumed>) = 0 [pid 6355] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6356] <... futex resumed>) = 0 [pid 6356] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6355] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... open resumed>) = 4 [pid 6356] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6355] <... futex resumed>) = 0 [pid 6356] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = 0 [pid 6355] <... futex resumed>) = 1 [pid 6356] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6355] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6356] <... open resumed>) = 5 [pid 6356] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6355] <... futex resumed>) = 0 [pid 6355] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6356] <... futex resumed>) = 1 [pid 6355] <... futex resumed>) = 0 [pid 6356] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6356] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6355] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6356] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6355] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6355] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6355] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6357 attached [pid 6357] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6355] <... clone3 resumed> => {parent_tid=[6357]}, 88) = 6357 [pid 6357] <... rseq resumed>) = 0 [pid 6355] rt_sigprocmask(SIG_SETMASK, [], [pid 6357] set_robust_list(0x7f3dc0d559a0, 24 [pid 6355] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6357] <... set_robust_list resumed>) = 0 [pid 6355] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6357] rt_sigprocmask(SIG_SETMASK, [], [pid 6355] <... futex resumed>) = 0 [pid 6357] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6355] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6357] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6356] <... futex resumed>) = ? [pid 6355] <... futex resumed>) = ? [pid 6357] +++ killed by SIGBUS +++ [pid 6356] +++ killed by SIGBUS +++ [pid 6355] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6355, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./441", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./441/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./441/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./441/binderfs") = 0 [ 122.704043][ T6356] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./441/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./441/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./441/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./441/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./441") = 0 mkdir("./442", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6358 attached , child_tidptr=0x555556218690) = 6358 [pid 6358] set_robust_list(0x5555562186a0, 24) = 0 [pid 6358] chdir("./442") = 0 [pid 6358] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6358] setpgid(0, 0) = 0 [pid 6358] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6358] write(3, "1000", 4) = 4 [pid 6358] close(3) = 0 [pid 6358] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6358] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6358] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6358] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6358] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6359 attached => {parent_tid=[6359]}, 88) = 6359 [pid 6359] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6358] rt_sigprocmask(SIG_SETMASK, [], [pid 6359] <... rseq resumed>) = 0 [pid 6358] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6359] set_robust_list(0x7f3dc90769a0, 24 [pid 6358] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... set_robust_list resumed>) = 0 [pid 6358] <... futex resumed>) = 0 [pid 6359] rt_sigprocmask(SIG_SETMASK, [], [pid 6358] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6359] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6359] memfd_create("syzkaller", 0) = 3 [pid 6359] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6359] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6359] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6359] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6359] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6359] close(3) = 0 [pid 6359] mkdir("./file0", 0777) = 0 [ 122.777909][ T6359] syz-executor183[6359]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 122.808373][ T6359] loop0: detected capacity change from 0 to 2048 [pid 6359] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6359] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6359] chdir("./file0") = 0 [pid 6359] ioctl(4, LOOP_CLR_FD) = 0 [pid 6359] close(4) = 0 [pid 6359] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] <... futex resumed>) = 0 [pid 6358] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... futex resumed>) = 0 [pid 6358] <... futex resumed>) = 1 [pid 6359] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6358] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] <... open resumed>) = 4 [pid 6359] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] <... futex resumed>) = 0 [pid 6358] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... futex resumed>) = 0 [pid 6358] <... futex resumed>) = 1 [pid 6359] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6358] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] <... open resumed>) = 5 [pid 6359] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6359] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] <... futex resumed>) = 0 [pid 6358] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6359] <... futex resumed>) = 0 [pid 6358] <... futex resumed>) = 1 [pid 6359] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6358] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6358] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6358] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6359] <... mmap resumed>) = 0x20000000 [pid 6358] <... mprotect resumed>) = 0 [pid 6358] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6359] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6359] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6358] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6360 attached [pid 6360] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6360] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6360] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6358] <... clone3 resumed> => {parent_tid=[6360]}, 88) = 6360 [pid 6360] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6358] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6358] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6360] <... futex resumed>) = 0 [pid 6358] <... futex resumed>) = 1 [pid 6360] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6358] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6359] <... futex resumed>) = ? [pid 6359] +++ killed by SIGBUS +++ [pid 6358] <... futex resumed>) = ? [pid 6360] +++ killed by SIGBUS +++ [pid 6358] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6358, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./442", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./442/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./442/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./442/binderfs") = 0 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 122.819844][ T6359] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./442/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./442/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./442/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./442/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./442") = 0 mkdir("./443", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6361 ./strace-static-x86_64: Process 6361 attached [pid 6361] set_robust_list(0x5555562186a0, 24) = 0 [pid 6361] chdir("./443") = 0 [pid 6361] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6361] setpgid(0, 0) = 0 [pid 6361] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6361] write(3, "1000", 4) = 4 [pid 6361] close(3) = 0 [pid 6361] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6361] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6361] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6361] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6361] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6361] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6361] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6362 attached => {parent_tid=[6362]}, 88) = 6362 [pid 6361] rt_sigprocmask(SIG_SETMASK, [], [pid 6362] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6361] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6362] <... rseq resumed>) = 0 [pid 6361] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] set_robust_list(0x7f3dc90769a0, 24 [pid 6361] <... futex resumed>) = 0 [pid 6362] <... set_robust_list resumed>) = 0 [pid 6361] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6362] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6362] memfd_create("syzkaller", 0) = 3 [pid 6362] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6362] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6362] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6362] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6362] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6362] close(3) = 0 [pid 6362] mkdir("./file0", 0777) = 0 [pid 6362] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6362] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6362] chdir("./file0") = 0 [pid 6362] ioctl(4, LOOP_CLR_FD) = 0 [pid 6362] close(4) = 0 [pid 6362] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6361] <... futex resumed>) = 0 [pid 6362] <... futex resumed>) = 1 [pid 6362] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6361] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6361] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6362] <... open resumed>) = 4 [pid 6362] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6362] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] <... futex resumed>) = 0 [pid 6361] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = 0 [pid 6362] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6362] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6362] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6361] <... futex resumed>) = 1 [pid 6361] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6361] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = 0 [pid 6361] <... futex resumed>) = 1 [pid 6362] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6361] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6362] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6361] <... futex resumed>) = 0 [pid 6362] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6362] +++ killed by SIGBUS +++ [pid 6361] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6361, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./443", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./443/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./443/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./443/binderfs") = 0 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./443/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./443/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./443/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./443/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./443") = 0 mkdir("./444", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6363 ./strace-static-x86_64: Process 6363 attached [pid 6363] set_robust_list(0x5555562186a0, 24) = 0 [pid 6363] chdir("./444") = 0 [pid 6363] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6363] setpgid(0, 0) = 0 [ 122.904905][ T6362] syz-executor183[6362]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 122.934487][ T6362] loop0: detected capacity change from 0 to 2048 [ 122.945930][ T6362] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6363] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6363] write(3, "1000", 4) = 4 [pid 6363] close(3) = 0 [pid 6363] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6363] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6363] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6363] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6364 attached => {parent_tid=[6364]}, 88) = 6364 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6363] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6364] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6364] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6364] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6364] memfd_create("syzkaller", 0) = 3 [pid 6364] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6364] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6364] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6364] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6364] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6364] close(3) = 0 [pid 6364] mkdir("./file0", 0777) = 0 [ 122.995910][ T6364] syz-executor183[6364]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 123.030659][ T6364] loop0: detected capacity change from 0 to 2048 [pid 6364] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6364] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6364] chdir("./file0") = 0 [pid 6364] ioctl(4, LOOP_CLR_FD) = 0 [pid 6364] close(4) = 0 [pid 6364] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6364] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6363] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6364] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] <... open resumed>) = 4 [pid 6364] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6364] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6363] <... futex resumed>) = 0 [pid 6363] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6363] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6363] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6363] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6365]}, 88) = 6365 [pid 6363] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6363] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6363] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6364] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6365] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6365] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6365] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6365] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6364] <... futex resumed>) = ? [pid 6364] +++ killed by SIGBUS +++ [pid 6363] <... futex resumed>) = ? [pid 6365] +++ killed by SIGBUS +++ [pid 6363] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6363, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./444", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./444/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./444/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./444/binderfs") = 0 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./444/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./444/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./444/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./444/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./444") = 0 mkdir("./445", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6366 attached , child_tidptr=0x555556218690) = 6366 [pid 6366] set_robust_list(0x5555562186a0, 24) = 0 [pid 6366] chdir("./445") = 0 [pid 6366] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6366] setpgid(0, 0) = 0 [pid 6366] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6366] write(3, "1000", 4) = 4 [pid 6366] close(3) = 0 [pid 6366] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6366] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [ 123.042984][ T6364] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6366] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6366] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6366] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6367 attached => {parent_tid=[6367]}, 88) = 6367 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], [pid 6367] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6366] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6367] <... rseq resumed>) = 0 [pid 6367] set_robust_list(0x7f3dc90769a0, 24 [pid 6366] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... set_robust_list resumed>) = 0 [pid 6367] rt_sigprocmask(SIG_SETMASK, [], [pid 6366] <... futex resumed>) = 0 [pid 6367] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6366] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6367] memfd_create("syzkaller", 0) = 3 [pid 6367] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6367] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6367] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6367] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6367] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6367] close(3) = 0 [pid 6367] mkdir("./file0", 0777) = 0 [pid 6367] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6367] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6367] chdir("./file0") = 0 [pid 6367] ioctl(4, LOOP_CLR_FD) = 0 [pid 6367] close(4) = 0 [pid 6367] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] <... futex resumed>) = 0 [pid 6367] <... futex resumed>) = 1 [pid 6367] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... futex resumed>) = 0 [pid 6367] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6366] <... futex resumed>) = 1 [pid 6366] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6367] <... open resumed>) = 4 [pid 6367] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6367] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] <... futex resumed>) = 0 [pid 6366] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... futex resumed>) = 0 [pid 6366] <... futex resumed>) = 1 [pid 6367] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6367] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6367] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6366] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... futex resumed>) = 0 [pid 6366] <... futex resumed>) = 1 [pid 6367] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6366] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6367] <... mmap resumed>) = 0x20000000 [pid 6366] <... futex resumed>) = 0 [pid 6367] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6366] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6367] <... futex resumed>) = 0 [pid 6366] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6367] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6366] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6366] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6366] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6368]}, 88) = 6368 [pid 6366] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6366] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6366] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6368 attached [pid 6368] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6368] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6368] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6368] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6366] <... futex resumed>) = ? [pid 6367] <... futex resumed>) = ? [pid 6367] +++ killed by SIGBUS +++ [pid 6368] +++ killed by SIGBUS +++ [pid 6366] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6366, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./445", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./445", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./445/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./445/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./445/binderfs") = 0 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./445/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./445/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 123.119242][ T6367] syz-executor183[6367]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 123.147319][ T6367] loop0: detected capacity change from 0 to 2048 [ 123.158596][ T6367] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "./445/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./445/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./445") = 0 mkdir("./446", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6369 attached , child_tidptr=0x555556218690) = 6369 [pid 6369] set_robust_list(0x5555562186a0, 24) = 0 [pid 6369] chdir("./446") = 0 [pid 6369] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6369] setpgid(0, 0) = 0 [pid 6369] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6369] write(3, "1000", 4) = 4 [pid 6369] close(3) = 0 [pid 6369] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6369] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6369] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6369] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6369] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6370]}, 88) = 6370 ./strace-static-x86_64: Process 6370 attached [pid 6369] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6369] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6370] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6370] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6370] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6370] memfd_create("syzkaller", 0) = 3 [pid 6370] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6370] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6370] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6370] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6370] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6370] close(3) = 0 [pid 6370] mkdir("./file0", 0777) = 0 [pid 6370] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6370] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6370] chdir("./file0") = 0 [pid 6370] ioctl(4, LOOP_CLR_FD) = 0 [pid 6370] close(4) = 0 [pid 6370] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] <... futex resumed>) = 1 [pid 6370] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6370] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6370] <... futex resumed>) = 1 [pid 6370] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6370] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6369] <... futex resumed>) = 0 [pid 6369] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6369] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6369] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6370] <... futex resumed>) = 1 [pid 6369] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6370] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6369] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6370] <... mmap resumed>) = 0x20000000 [pid 6369] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6371]}, 88) = 6371 ./strace-static-x86_64: Process 6371 attached [pid 6371] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6371] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6369] rt_sigprocmask(SIG_SETMASK, [], [pid 6371] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6371] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6369] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6369] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6371] <... futex resumed>) = 0 [pid 6369] <... futex resumed>) = 1 [pid 6369] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6371] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6369] <... futex resumed>) = ? [pid 6371] +++ killed by SIGBUS +++ [pid 6370] +++ killed by SIGBUS +++ [pid 6369] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6369, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./446", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./446/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./446/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./446/binderfs") = 0 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./446/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./446/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./446/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./446/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 123.228805][ T6370] syz-executor183[6370]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 123.252093][ T6370] loop0: detected capacity change from 0 to 2048 [ 123.263130][ T6370] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./446") = 0 mkdir("./447", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6372 attached , child_tidptr=0x555556218690) = 6372 [pid 6372] set_robust_list(0x5555562186a0, 24) = 0 [pid 6372] chdir("./447") = 0 [pid 6372] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6372] setpgid(0, 0) = 0 [pid 6372] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6372] write(3, "1000", 4) = 4 [pid 6372] close(3) = 0 [pid 6372] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6372] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6372] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6372] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6373 attached => {parent_tid=[6373]}, 88) = 6373 [pid 6372] rt_sigprocmask(SIG_SETMASK, [], [pid 6373] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6372] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6373] <... rseq resumed>) = 0 [pid 6373] set_robust_list(0x7f3dc90769a0, 24 [pid 6372] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... set_robust_list resumed>) = 0 [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6373] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6373] memfd_create("syzkaller", 0) = 3 [pid 6373] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6373] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6373] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6373] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6373] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6373] close(3) = 0 [pid 6373] mkdir("./file0", 0777) = 0 [ 123.336350][ T6373] syz-executor183[6373]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 123.369607][ T6373] loop0: detected capacity change from 0 to 2048 [pid 6373] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6373] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6373] chdir("./file0") = 0 [pid 6373] ioctl(4, LOOP_CLR_FD) = 0 [pid 6373] close(4) = 0 [pid 6373] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... futex resumed>) = 0 [pid 6372] <... futex resumed>) = 1 [pid 6373] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6372] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... open resumed>) = 4 [pid 6373] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6372] <... futex resumed>) = 0 [pid 6373] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6372] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] <... open resumed>) = 5 [pid 6372] <... futex resumed>) = 0 [pid 6373] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6372] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6373] <... futex resumed>) = 0 [pid 6372] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6372] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6373] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6372] <... futex resumed>) = 0 [pid 6372] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6373] <... mmap resumed>) = 0x20000000 [pid 6372] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6373] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6373] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6372] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6372] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6372] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6372] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6374]}, 88) = 6374 [pid 6372] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6372] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6372] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6374 attached [pid 6374] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6374] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6374] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6374] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [ 123.380490][ T6373] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6373] <... futex resumed>) = ? [pid 6372] <... futex resumed>) = ? [pid 6374] +++ killed by SIGBUS +++ [pid 6373] +++ killed by SIGBUS +++ [pid 6372] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6372, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./447", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./447/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./447/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./447/binderfs") = 0 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./447/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./447/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./447/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./447/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./447") = 0 mkdir("./448", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6375 attached , child_tidptr=0x555556218690) = 6375 [pid 6375] set_robust_list(0x5555562186a0, 24) = 0 [pid 6375] chdir("./448") = 0 [pid 6375] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6375] setpgid(0, 0) = 0 [pid 6375] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6375] write(3, "1000", 4) = 4 [pid 6375] close(3) = 0 [pid 6375] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6375] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6375] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6375] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6376]}, 88) = 6376 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6375] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6376 attached [pid 6376] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6376] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6376] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6376] memfd_create("syzkaller", 0) = 3 [pid 6376] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6376] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6376] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6376] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6376] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6376] close(3) = 0 [pid 6376] mkdir("./file0", 0777) = 0 [pid 6376] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6376] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6376] chdir("./file0") = 0 [pid 6376] ioctl(4, LOOP_CLR_FD) = 0 [pid 6376] close(4) = 0 [pid 6376] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6376] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6375] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6376] <... futex resumed>) = 0 [pid 6376] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6376] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6376] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] <... futex resumed>) = 0 [pid 6375] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = 0 [pid 6375] <... futex resumed>) = 1 [pid 6376] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6376] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6376] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6375] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6376] <... futex resumed>) = 0 [pid 6375] <... futex resumed>) = 1 [pid 6376] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6376] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6375] <... futex resumed>) = 0 [pid 6376] <... futex resumed>) = 0 [pid 6375] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6376] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6375] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6375] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6375] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6375] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6377]}, 88) = 6377 [pid 6375] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6375] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6375] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6377 attached [pid 6377] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6377] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6377] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6377] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6375] <... futex resumed>) = ? [pid 6376] <... futex resumed>) = ? [pid 6376] +++ killed by SIGBUS +++ [pid 6377] +++ killed by SIGBUS +++ [pid 6375] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6375, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./448", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./448/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./448/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./448/binderfs") = 0 [ 123.469182][ T6376] loop0: detected capacity change from 0 to 2048 [ 123.481033][ T6376] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./448/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./448/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./448/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./448/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./448") = 0 mkdir("./449", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6378 ./strace-static-x86_64: Process 6378 attached [pid 6378] set_robust_list(0x5555562186a0, 24) = 0 [pid 6378] chdir("./449") = 0 [pid 6378] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6378] setpgid(0, 0) = 0 [pid 6378] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6378] write(3, "1000", 4) = 4 [pid 6378] close(3) = 0 [pid 6378] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6378] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6378] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6378] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6379 attached => {parent_tid=[6379]}, 88) = 6379 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6378] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6379] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6378] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6379] <... rseq resumed>) = 0 [pid 6379] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6379] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6379] memfd_create("syzkaller", 0) = 3 [pid 6379] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6379] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6379] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6379] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6379] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6379] close(3) = 0 [pid 6379] mkdir("./file0", 0777) = 0 [pid 6379] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6379] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6379] chdir("./file0") = 0 [pid 6379] ioctl(4, LOOP_CLR_FD) = 0 [pid 6379] close(4) = 0 [pid 6379] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6379] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... futex resumed>) = 0 [pid 6378] <... futex resumed>) = 1 [pid 6379] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6378] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... open resumed>) = 4 [pid 6379] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6379] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... futex resumed>) = 0 [pid 6378] <... futex resumed>) = 1 [pid 6378] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6379] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6378] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6378] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6379] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6378] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6380]}, 88) = 6380 [pid 6378] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6378] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6380 attached [pid 6380] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6380] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6380] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6380] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c) = 6 [pid 6380] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6378] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6378] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6380] write(6, 0x20000000, 34136651) = -1 EFAULT (Bad address) [pid 6379] <... mmap resumed>) = 0x20000000 [pid 6380] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6380] <... futex resumed>) = 1 [pid 6379] <... futex resumed>) = 0 [pid 6378] <... futex resumed>) = 0 [pid 6380] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6379] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6379] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6378] <... futex resumed>) = 0 [pid 6379] ftruncate(4, 2 [pid 6378] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6379] <... ftruncate resumed>) = 0 [pid 6379] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6378] <... futex resumed>) = 0 [pid 6379] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6378] exit_group(0 [pid 6380] <... futex resumed>) = ? [pid 6379] <... futex resumed>) = ? [pid 6380] +++ exited with 0 +++ [pid 6379] +++ exited with 0 +++ [pid 6378] <... exit_group resumed>) = ? [pid 6378] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6378, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./449", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 [ 123.605651][ T6379] loop0: detected capacity change from 0 to 2048 [ 123.617060][ T6379] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./449/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./449/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./449/binderfs") = 0 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./449/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./449/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./449/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./449/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./449") = 0 mkdir("./450", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6381 ./strace-static-x86_64: Process 6381 attached [pid 6381] set_robust_list(0x5555562186a0, 24) = 0 [pid 6381] chdir("./450") = 0 [pid 6381] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6381] setpgid(0, 0) = 0 [pid 6381] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6381] write(3, "1000", 4) = 4 [pid 6381] close(3) = 0 [pid 6381] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6381] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6381] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6381] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6381] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6382 attached => {parent_tid=[6382]}, 88) = 6382 [pid 6381] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6381] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6382] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6382] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6382] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6382] memfd_create("syzkaller", 0) = 3 [pid 6382] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6382] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6382] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6382] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6382] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6382] close(3) = 0 [pid 6382] mkdir("./file0", 0777) = 0 [pid 6382] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6382] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6382] chdir("./file0") = 0 [pid 6382] ioctl(4, LOOP_CLR_FD) = 0 [pid 6382] close(4) = 0 [pid 6382] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6382] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] <... futex resumed>) = 0 [pid 6382] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6381] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] <... open resumed>) = 4 [pid 6382] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] <... futex resumed>) = 1 [pid 6382] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6382] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] <... futex resumed>) = 0 [pid 6381] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6381] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6382] <... futex resumed>) = 1 [pid 6381] <... futex resumed>) = 0 [pid 6382] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6381] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6382] <... mmap resumed>) = 0x20000000 [pid 6381] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6381] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6382] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6381] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6382] <... futex resumed>) = 0 [pid 6382] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6381] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6381] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6383 attached => {parent_tid=[6383]}, 88) = 6383 [pid 6383] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6381] rt_sigprocmask(SIG_SETMASK, [], [pid 6383] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6381] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6383] rt_sigprocmask(SIG_SETMASK, [], [pid 6381] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6383] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6381] <... futex resumed>) = 0 [pid 6383] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6381] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6382] <... futex resumed>) = ? [pid 6382] +++ killed by SIGBUS +++ [pid 6381] <... futex resumed>) = ? [pid 6383] +++ killed by SIGBUS +++ [pid 6381] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6381, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./450", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./450/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./450/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./450/binderfs") = 0 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./450/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./450/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./450/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./450/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./450") = 0 mkdir("./451", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6384 attached , child_tidptr=0x555556218690) = 6384 [pid 6384] set_robust_list(0x5555562186a0, 24) = 0 [pid 6384] chdir("./451") = 0 [pid 6384] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6384] setpgid(0, 0) = 0 [ 123.729242][ T6382] loop0: detected capacity change from 0 to 2048 [ 123.740963][ T6382] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6384] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6384] write(3, "1000", 4) = 4 [pid 6384] close(3) = 0 [pid 6384] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6384] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6384] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6384] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6384] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6384] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6385 attached => {parent_tid=[6385]}, 88) = 6385 [pid 6385] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6385] <... rseq resumed>) = 0 [pid 6385] set_robust_list(0x7f3dc90769a0, 24 [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6385] <... set_robust_list resumed>) = 0 [pid 6384] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6385] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6384] <... futex resumed>) = 0 [pid 6385] memfd_create("syzkaller", 0 [pid 6384] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6385] <... memfd_create resumed>) = 3 [pid 6385] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6385] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6385] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6385] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6385] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6385] close(3) = 0 [pid 6385] mkdir("./file0", 0777) = 0 [pid 6385] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6385] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6385] chdir("./file0") = 0 [pid 6385] ioctl(4, LOOP_CLR_FD) = 0 [pid 6385] close(4) = 0 [pid 6385] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] <... futex resumed>) = 1 [pid 6385] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6385] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6385] <... futex resumed>) = 0 [pid 6385] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6384] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6385] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] <... futex resumed>) = 0 [pid 6384] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6385] <... futex resumed>) = 1 [pid 6385] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< {parent_tid=[6386]}, 88) = 6386 [pid 6385] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6384] rt_sigprocmask(SIG_SETMASK, [], [pid 6385] <... futex resumed>) = 0 [pid 6385] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6384] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6384] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6384] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6386 attached [pid 6386] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6386] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6386] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6386] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6385] <... futex resumed>) = ? [pid 6384] <... futex resumed>) = ? [pid 6385] +++ killed by SIGBUS +++ [pid 6386] +++ killed by SIGBUS +++ [pid 6384] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6384, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./451", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./451/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./451/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./451/binderfs") = 0 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./451/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./451/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./451/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 123.815158][ T6385] loop0: detected capacity change from 0 to 2048 [ 123.839260][ T6385] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./451/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./451") = 0 mkdir("./452", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6387 attached [pid 6387] set_robust_list(0x5555562186a0, 24) = 0 [pid 6387] chdir("./452") = 0 [pid 6387] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6387] setpgid(0, 0) = 0 [pid 6387] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6387] write(3, "1000", 4) = 4 [pid 6387] close(3) = 0 [pid 6387] symlink("/dev/binderfs", "./binderfs" [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6387 [pid 6387] <... symlink resumed>) = 0 [pid 6387] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6387] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6387] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6388]}, 88) = 6388 [pid 6387] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6387] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6388 attached [pid 6388] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6388] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6388] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6388] memfd_create("syzkaller", 0) = 3 [pid 6388] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6388] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6388] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6388] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6388] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6388] close(3) = 0 [pid 6388] mkdir("./file0", 0777) = 0 [pid 6388] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6388] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6388] chdir("./file0") = 0 [pid 6388] ioctl(4, LOOP_CLR_FD) = 0 [pid 6388] close(4) = 0 [pid 6388] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] <... futex resumed>) = 0 [pid 6387] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6387] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... futex resumed>) = 0 [pid 6388] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6388] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6387] <... futex resumed>) = 0 [pid 6388] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6387] <... futex resumed>) = 0 [pid 6388] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6387] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6388] <... open resumed>) = 5 [pid 6388] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6388] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] <... futex resumed>) = 0 [pid 6387] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6388] <... futex resumed>) = 0 [pid 6387] <... futex resumed>) = 1 [pid 6388] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6387] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6387] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6388] <... mmap resumed>) = 0x20000000 [pid 6387] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6388] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6388] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6387] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6387] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6387] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6389 attached => {parent_tid=[6389]}, 88) = 6389 [pid 6389] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6387] rt_sigprocmask(SIG_SETMASK, [], [pid 6389] <... rseq resumed>) = 0 [pid 6387] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6387] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6389] set_robust_list(0x7f3dc0d559a0, 24 [pid 6387] <... futex resumed>) = 0 [pid 6389] <... set_robust_list resumed>) = 0 [pid 6387] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6389] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6389] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6388] <... futex resumed>) = ? [pid 6387] <... futex resumed>) = ? [pid 6388] +++ killed by SIGBUS +++ [pid 6389] +++ killed by SIGBUS +++ [pid 6387] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6387, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./452", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./452/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./452/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./452/binderfs") = 0 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./452/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./452/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./452/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./452/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./452") = 0 [ 123.957461][ T6388] loop0: detected capacity change from 0 to 2048 [ 123.967932][ T6388] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./453", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6390 ./strace-static-x86_64: Process 6390 attached [pid 6390] set_robust_list(0x5555562186a0, 24) = 0 [pid 6390] chdir("./453") = 0 [pid 6390] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6390] setpgid(0, 0) = 0 [pid 6390] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6390] write(3, "1000", 4) = 4 [pid 6390] close(3) = 0 [pid 6390] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6390] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6390] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6390] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6391]}, 88) = 6391 [pid 6390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6390] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6391 attached [pid 6391] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6391] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6391] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6391] memfd_create("syzkaller", 0) = 3 [pid 6391] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6391] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6391] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6391] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6391] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6391] close(3) = 0 [pid 6391] mkdir("./file0", 0777) = 0 [pid 6391] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6391] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6391] chdir("./file0") = 0 [pid 6391] ioctl(4, LOOP_CLR_FD) = 0 [pid 6391] close(4) = 0 [pid 6391] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6391] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6390] <... futex resumed>) = 0 [pid 6390] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = 0 [pid 6391] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6391] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6390] <... futex resumed>) = 1 [pid 6390] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6390] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = 0 [pid 6391] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6391] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6391] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6390] <... futex resumed>) = 1 [pid 6390] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6390] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6391] <... futex resumed>) = 0 [pid 6391] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 6390] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6390] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6391] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6390] <... mprotect resumed>) = 0 [pid 6391] <... futex resumed>) = 0 [pid 6391] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6390] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6390] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6392 attached => {parent_tid=[6392]}, 88) = 6392 [pid 6390] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6390] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6390] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6392] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6392] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6392] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6392] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6391] <... futex resumed>) = ? [pid 6391] +++ killed by SIGBUS +++ [pid 6390] <... futex resumed>) = ? [pid 6392] +++ killed by SIGBUS +++ [pid 6390] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6390, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./453", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./453/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./453/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./453/binderfs") = 0 [ 124.062678][ T6391] loop0: detected capacity change from 0 to 2048 [ 124.075482][ T6391] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./453/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./453/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./453/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./453/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./453") = 0 mkdir("./454", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6393 attached [pid 6393] set_robust_list(0x5555562186a0, 24) = 0 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6393 [pid 6393] chdir("./454") = 0 [pid 6393] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6393] setpgid(0, 0) = 0 [pid 6393] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6393] write(3, "1000", 4) = 4 [pid 6393] close(3) = 0 [pid 6393] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6393] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6393] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6393] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6394 attached => {parent_tid=[6394]}, 88) = 6394 [pid 6394] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6393] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6394] <... rseq resumed>) = 0 [pid 6394] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6394] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6394] memfd_create("syzkaller", 0) = 3 [pid 6394] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6394] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6394] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6394] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6394] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6394] close(3) = 0 [pid 6394] mkdir("./file0", 0777) = 0 [pid 6394] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6394] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6394] chdir("./file0") = 0 [pid 6394] ioctl(4, LOOP_CLR_FD) = 0 [pid 6394] close(4) = 0 [pid 6394] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6394] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... futex resumed>) = 0 [pid 6394] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6393] <... futex resumed>) = 1 [pid 6393] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] <... open resumed>) = 4 [pid 6394] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6394] <... futex resumed>) = 1 [pid 6394] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6394] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6393] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6393] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6393] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6395]}, 88) = 6395 [pid 6393] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6393] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6393] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6395 attached [pid 6395] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6395] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6395] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6395] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6394] <... futex resumed>) = 1 [pid 6394] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6395] <... open resumed>) = 6 [pid 6395] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] <... futex resumed>) = 0 [pid 6393] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6395] <... futex resumed>) = 0 [pid 6393] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6395] write(6, 0x20000000, 34136651) = -1 EFAULT (Bad address) [pid 6395] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6394] <... mmap resumed>) = 0x20000000 [pid 6395] <... futex resumed>) = 1 [pid 6395] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] <... futex resumed>) = 0 [pid 6394] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6395] <... futex resumed>) = 0 [pid 6394] <... futex resumed>) = 0 [pid 6393] <... futex resumed>) = 1 [pid 6395] ftruncate(4, 2 [pid 6394] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6393] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6395] <... ftruncate resumed>) = 0 [pid 6395] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6393] <... futex resumed>) = 0 [pid 6393] exit_group(0 [pid 6394] <... futex resumed>) = ? [pid 6394] +++ exited with 0 +++ [pid 6393] <... exit_group resumed>) = ? [pid 6395] <... futex resumed>) = ? [pid 6395] +++ exited with 0 +++ [pid 6393] +++ exited with 0 +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=6393, si_uid=0, si_status=0, si_utime=0, si_stime=1 /* 0.01 s */} --- umount2("./454", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./454/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./454/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./454/binderfs") = 0 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./454/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./454/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./454/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./454/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./454") = 0 [ 124.185641][ T6394] loop0: detected capacity change from 0 to 2048 [ 124.196382][ T6394] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./455", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6396 ./strace-static-x86_64: Process 6396 attached [pid 6396] set_robust_list(0x5555562186a0, 24) = 0 [pid 6396] chdir("./455") = 0 [pid 6396] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6396] setpgid(0, 0) = 0 [pid 6396] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6396] write(3, "1000", 4) = 4 [pid 6396] close(3) = 0 [pid 6396] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6396] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6396] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6396] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6397 attached => {parent_tid=[6397]}, 88) = 6397 [pid 6396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6396] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6397] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6397] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6397] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6397] memfd_create("syzkaller", 0) = 3 [pid 6397] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6397] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6397] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6397] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6397] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6397] close(3) = 0 [pid 6397] mkdir("./file0", 0777) = 0 [pid 6397] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6397] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6397] chdir("./file0") = 0 [pid 6397] ioctl(4, LOOP_CLR_FD) = 0 [pid 6397] close(4) = 0 [pid 6397] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6397] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] <... futex resumed>) = 0 [pid 6397] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6397] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6397] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6397] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6397] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6397] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6396] <... futex resumed>) = 0 [pid 6396] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6396] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6396] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6397] <... mmap resumed>) = 0x20000000 [pid 6397] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6397] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6396] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6396] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6396] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6398 attached [pid 6398] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6398] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6398] rt_sigprocmask(SIG_SETMASK, [], [pid 6396] <... clone3 resumed> => {parent_tid=[6398]}, 88) = 6398 [pid 6398] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6398] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6396] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6396] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6398] <... futex resumed>) = 0 [pid 6398] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6396] <... futex resumed>) = 1 [pid 6396] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6397] <... futex resumed>) = ? [pid 6397] +++ killed by SIGBUS +++ [pid 6398] +++ killed by SIGBUS +++ [pid 6396] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6396, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./455", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./455/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./455/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./455/binderfs") = 0 [ 124.297193][ T6397] loop0: detected capacity change from 0 to 2048 [ 124.309080][ T6397] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./455/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./455/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./455/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./455/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./455") = 0 mkdir("./456", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6399 attached , child_tidptr=0x555556218690) = 6399 [pid 6399] set_robust_list(0x5555562186a0, 24) = 0 [pid 6399] chdir("./456") = 0 [pid 6399] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6399] setpgid(0, 0) = 0 [pid 6399] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6399] write(3, "1000", 4) = 4 [pid 6399] close(3) = 0 [pid 6399] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6399] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6399] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6399] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6400 attached [pid 6400] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6399] <... clone3 resumed> => {parent_tid=[6400]}, 88) = 6400 [pid 6400] <... rseq resumed>) = 0 [pid 6399] rt_sigprocmask(SIG_SETMASK, [], [pid 6400] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6400] rt_sigprocmask(SIG_SETMASK, [], [pid 6399] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6399] <... futex resumed>) = 0 [pid 6400] memfd_create("syzkaller", 0 [pid 6399] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6400] <... memfd_create resumed>) = 3 [pid 6400] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6400] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6400] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6400] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6400] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6400] close(3) = 0 [pid 6400] mkdir("./file0", 0777) = 0 [pid 6400] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6400] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6400] chdir("./file0") = 0 [pid 6400] ioctl(4, LOOP_CLR_FD) = 0 [pid 6400] close(4) = 0 [pid 6400] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6400] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6399] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... open resumed>) = 4 [pid 6400] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6400] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6400] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6399] <... futex resumed>) = 0 [pid 6400] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6399] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6400] <... open resumed>) = 5 [pid 6400] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6399] <... futex resumed>) = 0 [pid 6400] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6399] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6400] <... mmap resumed>) = 0x20000000 [pid 6399] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6399] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6400] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6399] <... mprotect resumed>) = 0 [pid 6400] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6399] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6399] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6401 attached => {parent_tid=[6401]}, 88) = 6401 [pid 6401] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6399] rt_sigprocmask(SIG_SETMASK, [], [pid 6401] <... rseq resumed>) = 0 [pid 6399] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6401] set_robust_list(0x7f3dc0d559a0, 24 [pid 6399] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6401] <... set_robust_list resumed>) = 0 [pid 6399] <... futex resumed>) = 0 [pid 6401] rt_sigprocmask(SIG_SETMASK, [], [pid 6399] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6401] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6401] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6400] <... futex resumed>) = ? [pid 6399] <... futex resumed>) = ? [pid 6401] +++ killed by SIGBUS +++ [pid 6400] +++ killed by SIGBUS +++ [pid 6399] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6399, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./456", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./456/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./456/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./456/binderfs") = 0 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./456/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./456/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./456/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./456/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./456") = 0 [ 124.403782][ T6400] loop0: detected capacity change from 0 to 2048 [ 124.414835][ T6400] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./457", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6402 attached , child_tidptr=0x555556218690) = 6402 [pid 6402] set_robust_list(0x5555562186a0, 24) = 0 [pid 6402] chdir("./457") = 0 [pid 6402] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6402] setpgid(0, 0) = 0 [pid 6402] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6402] write(3, "1000", 4) = 4 [pid 6402] close(3) = 0 [pid 6402] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6402] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6402] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6402] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6403 attached [pid 6403] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6402] <... clone3 resumed> => {parent_tid=[6403]}, 88) = 6403 [pid 6402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6402] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6403] <... rseq resumed>) = 0 [pid 6403] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6403] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6403] memfd_create("syzkaller", 0) = 3 [pid 6403] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6403] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6403] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6403] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6403] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6403] close(3) = 0 [pid 6403] mkdir("./file0", 0777) = 0 [pid 6403] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6403] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6403] chdir("./file0") = 0 [pid 6403] ioctl(4, LOOP_CLR_FD) = 0 [pid 6403] close(4) = 0 [pid 6403] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6402] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6403] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6403] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6403] <... futex resumed>) = 0 [pid 6403] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6403] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6402] <... futex resumed>) = 0 [pid 6403] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6403] <... futex resumed>) = 0 [pid 6402] <... futex resumed>) = 1 [pid 6402] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6402] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6403] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6402] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6402] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6403] <... mmap resumed>) = 0x20000000 [pid 6403] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6403] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6402] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6402] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6404 attached => {parent_tid=[6404]}, 88) = 6404 [pid 6404] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6404] set_robust_list(0x7f3dc0d559a0, 24 [pid 6402] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6402] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6404] <... set_robust_list resumed>) = 0 [pid 6404] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6402] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6404] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6403] <... futex resumed>) = ? [pid 6402] <... futex resumed>) = ? [pid 6404] +++ killed by SIGBUS +++ [pid 6403] +++ killed by SIGBUS +++ [pid 6402] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6402, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./457", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./457/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./457/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 124.507081][ T6403] loop0: detected capacity change from 0 to 2048 [ 124.521289][ T6403] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./457/binderfs") = 0 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./457/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./457/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./457/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./457/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./457") = 0 mkdir("./458", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6405 attached [pid 6405] set_robust_list(0x5555562186a0, 24) = 0 [pid 6405] chdir("./458") = 0 [pid 6405] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6405] setpgid(0, 0) = 0 [pid 6405] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6405 [pid 6405] <... openat resumed>) = 3 [pid 6405] write(3, "1000", 4) = 4 [pid 6405] close(3) = 0 [pid 6405] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6405] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6405] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6405] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6406 attached => {parent_tid=[6406]}, 88) = 6406 [pid 6406] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6405] rt_sigprocmask(SIG_SETMASK, [], [pid 6406] set_robust_list(0x7f3dc90769a0, 24 [pid 6405] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6406] <... set_robust_list resumed>) = 0 [pid 6405] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] rt_sigprocmask(SIG_SETMASK, [], [pid 6405] <... futex resumed>) = 0 [pid 6406] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6405] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6406] memfd_create("syzkaller", 0) = 3 [pid 6406] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6406] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6406] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6406] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6406] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6406] close(3) = 0 [pid 6406] mkdir("./file0", 0777) = 0 [pid 6406] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6406] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6406] chdir("./file0") = 0 [pid 6406] ioctl(4, LOOP_CLR_FD) = 0 [pid 6406] close(4) = 0 [pid 6406] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6406] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6405] <... futex resumed>) = 0 [pid 6406] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6405] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] <... open resumed>) = 4 [pid 6406] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6406] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6406] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6405] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6406] <... open resumed>) = 5 [pid 6406] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6405] <... futex resumed>) = 0 [pid 6406] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... futex resumed>) = 0 [pid 6405] <... futex resumed>) = 1 [pid 6406] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6405] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6406] <... mmap resumed>) = 0x20000000 [pid 6406] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6406] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6405] <... futex resumed>) = 0 [pid 6405] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6405] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6405] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6405] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6407 attached [pid 6407] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6405] <... clone3 resumed> => {parent_tid=[6407]}, 88) = 6407 [pid 6405] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6405] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6405] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6407] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6407] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6407] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6405] <... futex resumed>) = ? [pid 6406] <... futex resumed>) = ? [pid 6406] +++ killed by SIGBUS +++ [pid 6407] +++ killed by SIGBUS +++ [pid 6405] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6405, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./458", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./458/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./458/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./458/binderfs") = 0 [ 124.615666][ T6406] loop0: detected capacity change from 0 to 2048 [ 124.626865][ T6406] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./458/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./458/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./458/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./458/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./458") = 0 mkdir("./459", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6408 attached , child_tidptr=0x555556218690) = 6408 [pid 6408] set_robust_list(0x5555562186a0, 24) = 0 [pid 6408] chdir("./459") = 0 [pid 6408] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6408] setpgid(0, 0) = 0 [pid 6408] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6408] write(3, "1000", 4) = 4 [pid 6408] close(3) = 0 [pid 6408] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6408] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6408] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6408] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6409 attached => {parent_tid=[6409]}, 88) = 6409 [pid 6409] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], [pid 6409] set_robust_list(0x7f3dc90769a0, 24 [pid 6408] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6409] <... set_robust_list resumed>) = 0 [pid 6408] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] rt_sigprocmask(SIG_SETMASK, [], [pid 6408] <... futex resumed>) = 0 [pid 6409] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6408] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6409] memfd_create("syzkaller", 0) = 3 [pid 6409] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6409] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6409] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6409] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6409] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6409] close(3) = 0 [pid 6409] mkdir("./file0", 0777) = 0 [pid 6409] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6409] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6409] chdir("./file0") = 0 [pid 6409] ioctl(4, LOOP_CLR_FD) = 0 [pid 6409] close(4) = 0 [pid 6409] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6409] <... futex resumed>) = 0 [pid 6409] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6408] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6409] <... futex resumed>) = 1 [pid 6409] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6409] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6408] <... futex resumed>) = 0 [pid 6408] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6409] <... futex resumed>) = 1 [pid 6408] <... futex resumed>) = 0 [pid 6409] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6408] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6408] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6409] <... mmap resumed>) = 0x20000000 [pid 6409] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6409] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6408] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6408] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6410]}, 88) = 6410 [pid 6408] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6408] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6408] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6410 attached [pid 6410] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6410] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6410] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6410] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6409] <... futex resumed>) = ? [pid 6408] <... futex resumed>) = ? [pid 6410] +++ killed by SIGBUS +++ [pid 6409] +++ killed by SIGBUS +++ [pid 6408] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6408, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./459", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./459/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./459/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./459/binderfs") = 0 [ 124.726565][ T6409] loop0: detected capacity change from 0 to 2048 [ 124.737818][ T6409] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./459/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./459/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./459/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./459/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./459") = 0 mkdir("./460", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6411 attached , child_tidptr=0x555556218690) = 6411 [pid 6411] set_robust_list(0x5555562186a0, 24) = 0 [pid 6411] chdir("./460") = 0 [pid 6411] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6411] setpgid(0, 0) = 0 [pid 6411] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6411] write(3, "1000", 4) = 4 [pid 6411] close(3) = 0 [pid 6411] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6411] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6411] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6411] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6412 attached => {parent_tid=[6412]}, 88) = 6412 [pid 6412] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6411] rt_sigprocmask(SIG_SETMASK, [], [pid 6412] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6412] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6412] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6411] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] <... futex resumed>) = 0 [pid 6411] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6412] memfd_create("syzkaller", 0) = 3 [pid 6412] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6412] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6412] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6412] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6412] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6412] close(3) = 0 [pid 6412] mkdir("./file0", 0777) = 0 [pid 6412] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6412] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6412] chdir("./file0") = 0 [pid 6412] ioctl(4, LOOP_CLR_FD) = 0 [pid 6412] close(4) = 0 [pid 6412] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] <... futex resumed>) = 0 [pid 6412] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6411] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... open resumed>) = 4 [pid 6412] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6412] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] <... futex resumed>) = 0 [pid 6411] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = 0 [pid 6411] <... futex resumed>) = 1 [pid 6412] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6411] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6412] <... open resumed>) = 5 [pid 6412] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6411] <... futex resumed>) = 0 [pid 6412] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6411] <... futex resumed>) = 0 [pid 6412] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6411] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6412] <... mmap resumed>) = 0x20000000 [pid 6411] <... futex resumed>) = 0 [pid 6412] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6411] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6412] <... futex resumed>) = 0 [pid 6411] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6412] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6411] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6411] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6411] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6413 attached => {parent_tid=[6413]}, 88) = 6413 [pid 6411] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6411] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6411] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6413] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6413] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6413] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6413] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6412] <... futex resumed>) = ? [pid 6411] <... futex resumed>) = ? [pid 6413] +++ killed by SIGBUS +++ [pid 6412] +++ killed by SIGBUS +++ [pid 6411] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6411, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./460", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./460/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./460/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./460/binderfs") = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./460/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./460/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./460/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./460/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./460") = 0 mkdir("./461", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 124.841314][ T6412] loop0: detected capacity change from 0 to 2048 [ 124.853403][ T6412] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6414 attached , child_tidptr=0x555556218690) = 6414 [pid 6414] set_robust_list(0x5555562186a0, 24) = 0 [pid 6414] chdir("./461") = 0 [pid 6414] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6414] setpgid(0, 0) = 0 [pid 6414] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6414] write(3, "1000", 4) = 4 [pid 6414] close(3) = 0 [pid 6414] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6414] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6414] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6414] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6414] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6414] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6414] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6415]}, 88) = 6415 [pid 6414] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6414] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6415 attached [pid 6415] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6415] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6415] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6415] memfd_create("syzkaller", 0) = 3 [pid 6415] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6415] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6415] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6415] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6415] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6415] close(3) = 0 [pid 6415] mkdir("./file0", 0777) = 0 [pid 6415] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6415] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6415] chdir("./file0") = 0 [pid 6415] ioctl(4, LOOP_CLR_FD) = 0 [pid 6415] close(4) = 0 [pid 6415] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6415] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6414] <... futex resumed>) = 0 [pid 6414] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6415] <... futex resumed>) = 0 [pid 6414] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6415] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6414] <... futex resumed>) = 0 [pid 6415] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6414] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... open resumed>) = 5 [pid 6414] <... futex resumed>) = 0 [pid 6415] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6414] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6414] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6415] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6414] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6415] <... futex resumed>) = 0 [pid 6414] <... futex resumed>) = 1 [pid 6414] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6415] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6414] <... futex resumed>) = ? [pid 6415] +++ killed by SIGBUS +++ [pid 6414] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6414, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- umount2("./461", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./461/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./461/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./461/binderfs") = 0 umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./461/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./461/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./461/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./461/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./461") = 0 mkdir("./462", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 [ 124.942740][ T6415] loop0: detected capacity change from 0 to 2048 [ 124.955576][ T6415] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6416 attached , child_tidptr=0x555556218690) = 6416 [pid 6416] set_robust_list(0x5555562186a0, 24) = 0 [pid 6416] chdir("./462") = 0 [pid 6416] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6416] setpgid(0, 0) = 0 [pid 6416] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6416] write(3, "1000", 4) = 4 [pid 6416] close(3) = 0 [pid 6416] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6416] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6416] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6416] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6417]}, 88) = 6417 [pid 6416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6416] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6417 attached [pid 6417] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6417] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6417] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6417] memfd_create("syzkaller", 0) = 3 [pid 6417] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6417] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6417] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6417] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6417] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6417] close(3) = 0 [pid 6417] mkdir("./file0", 0777) = 0 [pid 6417] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6417] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6417] chdir("./file0") = 0 [pid 6417] ioctl(4, LOOP_CLR_FD) = 0 [pid 6417] close(4) = 0 [pid 6417] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6416] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] <... futex resumed>) = 0 [pid 6417] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6417] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6417] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] <... futex resumed>) = 0 [pid 6416] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = 0 [pid 6416] <... futex resumed>) = 1 [pid 6417] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6417] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6416] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6417] <... futex resumed>) = 0 [pid 6416] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6417] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6416] <... futex resumed>) = 0 [pid 6417] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6416] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6417] <... mmap resumed>) = 0x20000000 [pid 6416] <... futex resumed>) = 0 [pid 6416] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6416] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6417] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6417] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6416] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6416] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6418]}, 88) = 6418 [pid 6416] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6416] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6416] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6418 attached [pid 6418] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6418] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6418] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6418] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6417] <... futex resumed>) = ? [pid 6416] <... futex resumed>) = ? [pid 6418] +++ killed by SIGBUS +++ [pid 6417] +++ killed by SIGBUS +++ [pid 6416] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6416, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./462", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./462/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./462/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./462/binderfs") = 0 [ 125.049779][ T6417] loop0: detected capacity change from 0 to 2048 [ 125.061182][ T6417] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./462/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./462/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./462/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./462/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./462") = 0 mkdir("./463", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6419 attached , child_tidptr=0x555556218690) = 6419 [pid 6419] set_robust_list(0x5555562186a0, 24) = 0 [pid 6419] chdir("./463") = 0 [pid 6419] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6419] setpgid(0, 0) = 0 [pid 6419] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6419] write(3, "1000", 4) = 4 [pid 6419] close(3) = 0 [pid 6419] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6419] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6419] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6419] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6420]}, 88) = 6420 [pid 6419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6419] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6420 attached [pid 6420] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6419] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6420] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6420] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6420] memfd_create("syzkaller", 0) = 3 [pid 6420] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6420] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6420] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6420] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6420] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6420] close(3) = 0 [pid 6420] mkdir("./file0", 0777) = 0 [pid 6420] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6420] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6420] chdir("./file0") = 0 [pid 6420] ioctl(4, LOOP_CLR_FD) = 0 [pid 6420] close(4) = 0 [pid 6420] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6420] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6419] <... futex resumed>) = 0 [pid 6419] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] <... futex resumed>) = 0 [pid 6419] <... futex resumed>) = 1 [pid 6420] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6419] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6420] <... open resumed>) = 4 [pid 6420] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6419] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6420] <... futex resumed>) = 1 [pid 6420] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6420] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6419] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6419] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6419] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6420] <... futex resumed>) = 1 [pid 6420] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0 [pid 6419] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6419] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6421 attached => {parent_tid=[6421]}, 88) = 6421 [pid 6419] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6419] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6420] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6419] <... futex resumed>) = 0 [pid 6420] <... futex resumed>) = 0 [pid 6421] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6419] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6421] <... rseq resumed>) = 0 [pid 6421] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6421] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6421] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6419] <... futex resumed>) = ? [pid 6421] +++ killed by SIGBUS +++ [pid 6420] +++ killed by SIGBUS +++ [pid 6419] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6419, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./463", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./463/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./463/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./463/binderfs") = 0 [ 125.155082][ T6420] loop0: detected capacity change from 0 to 2048 [ 125.167024][ T6420] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./463/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./463/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./463/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./463/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./463") = 0 mkdir("./464", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6422 attached , child_tidptr=0x555556218690) = 6422 [pid 6422] set_robust_list(0x5555562186a0, 24) = 0 [pid 6422] chdir("./464") = 0 [pid 6422] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6422] setpgid(0, 0) = 0 [pid 6422] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6422] write(3, "1000", 4) = 4 [pid 6422] close(3) = 0 [pid 6422] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6422] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6422] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6422] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6423 attached => {parent_tid=[6423]}, 88) = 6423 [pid 6423] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], [pid 6423] set_robust_list(0x7f3dc90769a0, 24 [pid 6422] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6423] <... set_robust_list resumed>) = 0 [pid 6422] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] rt_sigprocmask(SIG_SETMASK, [], [pid 6422] <... futex resumed>) = 0 [pid 6423] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6422] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6423] memfd_create("syzkaller", 0) = 3 [pid 6423] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6423] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6423] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6423] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6423] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6423] close(3) = 0 [pid 6423] mkdir("./file0", 0777) = 0 [pid 6423] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6423] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6423] chdir("./file0") = 0 [pid 6423] ioctl(4, LOOP_CLR_FD) = 0 [pid 6423] close(4) = 0 [pid 6423] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] <... futex resumed>) = 1 [pid 6423] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6423] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6423] <... futex resumed>) = 1 [pid 6422] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6423] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6422] <... futex resumed>) = 0 [pid 6423] <... open resumed>) = 5 [pid 6422] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6423] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6422] <... futex resumed>) = 0 [pid 6422] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6423] <... futex resumed>) = 1 [pid 6422] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6423] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 0x7f3dc0d35000 [pid 6422] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6422] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6422] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6423] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6424 attached ) = 0 [pid 6424] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6423] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6424] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6424] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6424] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6422] <... clone3 resumed> => {parent_tid=[6424]}, 88) = 6424 [pid 6422] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6422] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6422] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6424] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6424] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6423] <... futex resumed>) = ? [pid 6422] <... futex resumed>) = ? [pid 6423] +++ killed by SIGBUS +++ [pid 6424] +++ killed by SIGBUS +++ [pid 6422] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6422, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./464", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./464/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./464/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./464/binderfs") = 0 [ 125.261218][ T6423] loop0: detected capacity change from 0 to 2048 [ 125.272097][ T6423] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./464/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./464/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./464/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./464/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./464") = 0 mkdir("./465", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6425 attached , child_tidptr=0x555556218690) = 6425 [pid 6425] set_robust_list(0x5555562186a0, 24) = 0 [pid 6425] chdir("./465") = 0 [pid 6425] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6425] setpgid(0, 0) = 0 [pid 6425] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6425] write(3, "1000", 4) = 4 [pid 6425] close(3) = 0 [pid 6425] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6425] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6425] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6425] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6426 attached [pid 6426] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6425] <... clone3 resumed> => {parent_tid=[6426]}, 88) = 6426 [pid 6426] <... rseq resumed>) = 0 [pid 6425] rt_sigprocmask(SIG_SETMASK, [], [pid 6426] set_robust_list(0x7f3dc90769a0, 24 [pid 6425] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6426] <... set_robust_list resumed>) = 0 [pid 6426] rt_sigprocmask(SIG_SETMASK, [], [pid 6425] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6425] <... futex resumed>) = 0 [pid 6426] memfd_create("syzkaller", 0 [pid 6425] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6426] <... memfd_create resumed>) = 3 [pid 6426] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6426] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6426] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6426] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6426] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6426] close(3) = 0 [pid 6426] mkdir("./file0", 0777) = 0 [pid 6426] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6426] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6426] chdir("./file0") = 0 [pid 6426] ioctl(4, LOOP_CLR_FD) = 0 [pid 6426] close(4) = 0 [pid 6426] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6425] <... futex resumed>) = 0 [pid 6426] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6425] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... open resumed>) = 4 [pid 6426] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6426] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] <... futex resumed>) = 0 [pid 6425] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] <... futex resumed>) = 0 [pid 6425] <... futex resumed>) = 1 [pid 6426] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6425] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6426] <... open resumed>) = 5 [pid 6426] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6425] <... futex resumed>) = 0 [pid 6425] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6425] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6426] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6425] <... futex resumed>) = 0 [pid 6426] <... mmap resumed>) = 0x20000000 [pid 6425] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6425] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6426] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6425] <... mprotect resumed>) = 0 [pid 6426] <... futex resumed>) = 0 [pid 6426] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6425] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6425] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6427]}, 88) = 6427 [pid 6425] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6425] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000./strace-static-x86_64: Process 6427 attached ) = 0 [pid 6427] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6427] set_robust_list(0x7f3dc0d559a0, 24 [pid 6425] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6427] <... set_robust_list resumed>) = 0 [pid 6427] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6427] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6426] <... futex resumed>) = ? [pid 6425] <... futex resumed>) = ? [pid 6427] +++ killed by SIGBUS +++ [pid 6426] +++ killed by SIGBUS +++ [pid 6425] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6425, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./465", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./465/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./465/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./465/binderfs") = 0 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./465/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./465/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./465/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 125.366298][ T6426] loop0: detected capacity change from 0 to 2048 [ 125.378121][ T6426] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./465/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./465") = 0 mkdir("./466", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6428 attached , child_tidptr=0x555556218690) = 6428 [pid 6428] set_robust_list(0x5555562186a0, 24) = 0 [pid 6428] chdir("./466") = 0 [pid 6428] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6428] setpgid(0, 0) = 0 [pid 6428] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6428] write(3, "1000", 4) = 4 [pid 6428] close(3) = 0 [pid 6428] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6428] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6428] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6428] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6428] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6428] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6428] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6429 attached => {parent_tid=[6429]}, 88) = 6429 [pid 6429] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6429] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6429] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6429] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6428] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6428] <... futex resumed>) = 1 [pid 6429] memfd_create("syzkaller", 0) = 3 [pid 6428] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6429] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6429] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6429] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6429] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6429] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6429] close(3) = 0 [pid 6429] mkdir("./file0", 0777) = 0 [pid 6429] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6429] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6429] chdir("./file0") = 0 [pid 6429] ioctl(4, LOOP_CLR_FD) = 0 [pid 6429] close(4) = 0 [pid 6429] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6429] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6428] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6428] <... futex resumed>) = 1 [pid 6429] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6428] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] <... open resumed>) = 4 [pid 6429] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6428] <... futex resumed>) = 0 [pid 6428] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6428] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6429] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6429] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] <... futex resumed>) = 0 [pid 6429] <... futex resumed>) = 1 [pid 6429] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6428] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... mmap resumed>) = 0x20000000 [pid 6428] <... futex resumed>) = 0 [pid 6429] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6428] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6429] <... futex resumed>) = 0 [pid 6428] <... futex resumed>) = 0 [pid 6429] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6428] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = ? [pid 6429] +++ killed by SIGBUS +++ [pid 6428] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6428, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./466", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./466/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./466/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./466/binderfs") = 0 [ 125.487357][ T6429] loop0: detected capacity change from 0 to 2048 [ 125.499734][ T6429] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./466/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./466/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./466/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./466/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./466") = 0 mkdir("./467", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6430 attached , child_tidptr=0x555556218690) = 6430 [pid 6430] set_robust_list(0x5555562186a0, 24) = 0 [pid 6430] chdir("./467") = 0 [pid 6430] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6430] setpgid(0, 0) = 0 [pid 6430] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6430] write(3, "1000", 4) = 4 [pid 6430] close(3) = 0 [pid 6430] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6430] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6430] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6430] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6431 attached => {parent_tid=[6431]}, 88) = 6431 [pid 6431] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6431] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6431] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6431] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6430] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... futex resumed>) = 0 [pid 6430] <... futex resumed>) = 1 [pid 6431] memfd_create("syzkaller", 0 [pid 6430] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6431] <... memfd_create resumed>) = 3 [pid 6431] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6431] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6431] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6431] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6431] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6431] close(3) = 0 [pid 6431] mkdir("./file0", 0777) = 0 [pid 6431] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6431] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6431] chdir("./file0") = 0 [pid 6431] ioctl(4, LOOP_CLR_FD) = 0 [pid 6431] close(4) = 0 [pid 6431] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6430] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6431] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6431] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... futex resumed>) = 0 [pid 6430] <... futex resumed>) = 1 [pid 6431] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6430] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6431] <... open resumed>) = 5 [pid 6431] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6430] <... futex resumed>) = 0 [pid 6431] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6431] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6431] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6430] <... futex resumed>) = 0 [pid 6430] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6431] <... mmap resumed>) = 0x20000000 [pid 6431] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6431] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6430] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6430] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6430] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6430] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6432 attached => {parent_tid=[6432]}, 88) = 6432 [pid 6430] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6430] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6430] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6432] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6432] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6432] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6432] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6431] <... futex resumed>) = ? [pid 6430] <... futex resumed>) = ? [pid 6432] +++ killed by SIGBUS +++ [pid 6431] +++ killed by SIGBUS +++ [pid 6430] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6430, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- umount2("./467", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./467/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./467/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./467/binderfs") = 0 [ 125.610738][ T6431] loop0: detected capacity change from 0 to 2048 [ 125.621635][ T6431] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./467/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./467/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./467/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./467/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./467") = 0 mkdir("./468", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6433 attached [pid 6433] set_robust_list(0x5555562186a0, 24) = 0 [pid 6433] chdir("./468") = 0 [pid 6433] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6433] setpgid(0, 0) = 0 [pid 6433] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6433] write(3, "1000", 4) = 4 [pid 6433] close(3) = 0 [pid 6433] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6433] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6433] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6433] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6433] rt_sigprocmask(SIG_BLOCK, ~[], [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6433 [pid 6433] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6434 attached => {parent_tid=[6434]}, 88) = 6434 [pid 6434] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6433] rt_sigprocmask(SIG_SETMASK, [], [pid 6434] <... rseq resumed>) = 0 [pid 6433] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6434] set_robust_list(0x7f3dc90769a0, 24 [pid 6433] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6434] <... set_robust_list resumed>) = 0 [pid 6434] rt_sigprocmask(SIG_SETMASK, [], [pid 6433] <... futex resumed>) = 0 [pid 6434] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6433] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6434] memfd_create("syzkaller", 0) = 3 [pid 6434] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6434] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6434] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6434] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6434] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6434] close(3) = 0 [pid 6434] mkdir("./file0", 0777) = 0 [pid 6434] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6434] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6434] chdir("./file0") = 0 [pid 6434] ioctl(4, LOOP_CLR_FD) = 0 [pid 6434] close(4) = 0 [pid 6434] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6433] <... futex resumed>) = 0 [pid 6434] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6433] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6434] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6433] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6434] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6434] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... futex resumed>) = 0 [pid 6433] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6434] <... futex resumed>) = 1 [pid 6433] <... futex resumed>) = 0 [pid 6433] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6434] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6434] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... futex resumed>) = 0 [pid 6433] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6434] <... futex resumed>) = 1 [pid 6434] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6433] <... futex resumed>) = 0 [pid 6434] <... mmap resumed>) = 0x20000000 [pid 6433] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6433] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6434] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6433] <... mprotect resumed>) = 0 [pid 6434] <... futex resumed>) = 0 [pid 6434] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6433] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6433] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6435]}, 88) = 6435 [pid 6433] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6433] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6433] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6435 attached [pid 6435] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6435] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6435] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6435] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6434] <... futex resumed>) = ? [pid 6433] <... futex resumed>) = ? [pid 6435] +++ killed by SIGBUS +++ [pid 6434] +++ killed by SIGBUS +++ [pid 6433] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6433, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./468", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./468/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./468/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./468/binderfs") = 0 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./468/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./468/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./468/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./468/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./468") = 0 mkdir("./469", 0777) = 0 [ 125.709377][ T6434] loop0: detected capacity change from 0 to 2048 [ 125.722196][ T6434] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6436 attached , child_tidptr=0x555556218690) = 6436 [pid 6436] set_robust_list(0x5555562186a0, 24) = 0 [pid 6436] chdir("./469") = 0 [pid 6436] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6436] setpgid(0, 0) = 0 [pid 6436] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6436] write(3, "1000", 4) = 4 [pid 6436] close(3) = 0 [pid 6436] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6436] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6436] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6436] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6437 attached [pid 6437] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6436] <... clone3 resumed> => {parent_tid=[6437]}, 88) = 6437 [pid 6437] <... rseq resumed>) = 0 [pid 6436] rt_sigprocmask(SIG_SETMASK, [], [pid 6437] set_robust_list(0x7f3dc90769a0, 24 [pid 6436] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6437] <... set_robust_list resumed>) = 0 [pid 6437] rt_sigprocmask(SIG_SETMASK, [], [pid 6436] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6436] <... futex resumed>) = 0 [pid 6437] memfd_create("syzkaller", 0 [pid 6436] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6437] <... memfd_create resumed>) = 3 [pid 6437] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6437] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6437] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6437] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6437] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6437] close(3) = 0 [pid 6437] mkdir("./file0", 0777) = 0 [pid 6437] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6437] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6437] chdir("./file0") = 0 [pid 6437] ioctl(4, LOOP_CLR_FD) = 0 [pid 6437] close(4) = 0 [pid 6437] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6436] <... futex resumed>) = 0 [pid 6437] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6436] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6437] <... open resumed>) = 4 [pid 6437] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6436] <... futex resumed>) = 0 [pid 6436] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6437] <... futex resumed>) = 1 [pid 6437] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6437] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6436] <... futex resumed>) = 0 [pid 6437] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL) = -1 EAGAIN (Resource temporarily unavailable) [pid 6436] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6437] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6436] <... futex resumed>) = 0 [pid 6436] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6437] <... mmap resumed>) = 0x20000000 [pid 6437] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6437] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6436] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6436] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6436] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6438]}, 88) = 6438 [pid 6436] rt_sigprocmask(SIG_SETMASK, [], ./strace-static-x86_64: Process 6438 attached NULL, 8) = 0 [pid 6436] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6436] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6438] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6438] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6438] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6438] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6438] +++ killed by SIGBUS +++ [pid 6437] <... futex resumed>) = ? [pid 6436] <... futex resumed>) = ? [pid 6437] +++ killed by SIGBUS +++ [pid 6436] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6436, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=2 /* 0.02 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./469", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./469/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./469/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./469/binderfs") = 0 umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./469/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./469/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./469/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 [ 125.800008][ T6437] loop0: detected capacity change from 0 to 2048 [ 125.814566][ T6437] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./469/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./469") = 0 mkdir("./470", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6439 attached , child_tidptr=0x555556218690) = 6439 [pid 6439] set_robust_list(0x5555562186a0, 24) = 0 [pid 6439] chdir("./470") = 0 [pid 6439] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6439] setpgid(0, 0) = 0 [pid 6439] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6439] write(3, "1000", 4) = 4 [pid 6439] close(3) = 0 [pid 6439] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6439] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6439] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6439] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6440 attached => {parent_tid=[6440]}, 88) = 6440 [pid 6440] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6439] rt_sigprocmask(SIG_SETMASK, [], [pid 6440] <... rseq resumed>) = 0 [pid 6439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6440] set_robust_list(0x7f3dc90769a0, 24 [pid 6439] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... set_robust_list resumed>) = 0 [pid 6440] rt_sigprocmask(SIG_SETMASK, [], [pid 6439] <... futex resumed>) = 0 [pid 6440] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6439] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6440] memfd_create("syzkaller", 0) = 3 [pid 6440] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6440] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6440] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6440] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6440] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6440] close(3) = 0 [pid 6440] mkdir("./file0", 0777) = 0 [pid 6440] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6440] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6440] chdir("./file0") = 0 [pid 6440] ioctl(4, LOOP_CLR_FD) = 0 [pid 6440] close(4) = 0 [pid 6440] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6440] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] <... futex resumed>) = 0 [pid 6440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6439] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6439] <... futex resumed>) = 0 [pid 6439] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6440] <... open resumed>) = 4 [pid 6440] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6440] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] <... futex resumed>) = 0 [pid 6439] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6440] <... futex resumed>) = 0 [pid 6439] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6440] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6440] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6439] <... futex resumed>) = 0 [pid 6440] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6439] <... futex resumed>) = 0 [pid 6440] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6439] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6440] <... mmap resumed>) = 0x20000000 [pid 6439] <... futex resumed>) = 0 [pid 6439] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6440] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6439] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6439] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6440] <... futex resumed>) = 0 [pid 6440] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6439] <... mprotect resumed>) = 0 [pid 6439] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6439] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6441 attached [pid 6441] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6439] <... clone3 resumed> => {parent_tid=[6441]}, 88) = 6441 [pid 6441] set_robust_list(0x7f3dc0d559a0, 24 [pid 6439] rt_sigprocmask(SIG_SETMASK, [], [pid 6441] <... set_robust_list resumed>) = 0 [pid 6439] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6439] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6439] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6441] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6441] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6440] <... futex resumed>) = ? [pid 6440] +++ killed by SIGBUS +++ [pid 6439] <... futex resumed>) = ? [pid 6441] +++ killed by SIGBUS +++ [pid 6439] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6439, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./470", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./470/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./470/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 125.897692][ T6440] loop0: detected capacity change from 0 to 2048 [ 125.911277][ T6440] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) unlink("./470/binderfs") = 0 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./470/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./470/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./470/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./470/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./470") = 0 mkdir("./471", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6442 ./strace-static-x86_64: Process 6442 attached [pid 6442] set_robust_list(0x5555562186a0, 24) = 0 [pid 6442] chdir("./471") = 0 [pid 6442] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6442] setpgid(0, 0) = 0 [pid 6442] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6442] write(3, "1000", 4) = 4 [pid 6442] close(3) = 0 [pid 6442] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6442] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6442] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6442] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6442] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6442] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6442] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6443]}, 88) = 6443 [pid 6442] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6442] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6443 attached [pid 6443] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6442] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6443] <... rseq resumed>) = 0 [pid 6443] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6443] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6443] memfd_create("syzkaller", 0) = 3 [pid 6443] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6443] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6443] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6443] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6443] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6443] close(3) = 0 [pid 6443] mkdir("./file0", 0777) = 0 [pid 6443] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6443] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6443] chdir("./file0") = 0 [pid 6443] ioctl(4, LOOP_CLR_FD) = 0 [pid 6443] close(4) = 0 [pid 6443] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6442] <... futex resumed>) = 0 [pid 6443] <... futex resumed>) = 1 [pid 6442] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6442] <... futex resumed>) = 0 [pid 6442] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6443] <... open resumed>) = 4 [pid 6443] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6443] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6442] <... futex resumed>) = 0 [pid 6442] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6442] <... futex resumed>) = 1 [pid 6443] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6442] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6443] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6442] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6443] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6442] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6442] <... futex resumed>) = 1 [pid 6443] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6442] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6443] <... futex resumed>) = 0 [pid 6442] <... futex resumed>) = 1 [pid 6443] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6443] +++ killed by SIGBUS +++ [pid 6442] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6442, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./471", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./471/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./471/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./471/binderfs") = 0 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./471/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./471/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./471/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./471/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./471") = 0 mkdir("./472", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6444 ./strace-static-x86_64: Process 6444 attached [ 126.025155][ T6443] loop0: detected capacity change from 0 to 2048 [ 126.037332][ T6443] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6444] set_robust_list(0x5555562186a0, 24) = 0 [pid 6444] chdir("./472") = 0 [pid 6444] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6444] setpgid(0, 0) = 0 [pid 6444] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6444] write(3, "1000", 4) = 4 [pid 6444] close(3) = 0 [pid 6444] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6444] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6444] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6444] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6444] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6445 attached => {parent_tid=[6445]}, 88) = 6445 [pid 6445] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6445] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6445] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], [pid 6445] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6444] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6444] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6445] memfd_create("syzkaller", 0) = 3 [pid 6445] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6445] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6445] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6445] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6445] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6445] close(3) = 0 [pid 6445] mkdir("./file0", 0777) = 0 [pid 6445] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6445] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6445] chdir("./file0") = 0 [pid 6445] ioctl(4, LOOP_CLR_FD) = 0 [pid 6445] close(4) = 0 [pid 6445] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6445] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6445] <... futex resumed>) = 0 [pid 6445] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6444] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... open resumed>) = 4 [pid 6445] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6445] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6444] <... futex resumed>) = 0 [pid 6445] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6444] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6445] <... open resumed>) = 5 [pid 6445] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6444] <... futex resumed>) = 0 [pid 6445] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6445] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6444] <... futex resumed>) = 0 [pid 6445] <... mmap resumed>) = 0x20000000 [pid 6444] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6445] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6444] <... futex resumed>) = 0 [pid 6445] <... futex resumed>) = 0 [pid 6444] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6445] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6444] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6444] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6444] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6444] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6446 attached => {parent_tid=[6446]}, 88) = 6446 [pid 6446] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6444] rt_sigprocmask(SIG_SETMASK, [], [pid 6446] <... rseq resumed>) = 0 [pid 6444] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6446] set_robust_list(0x7f3dc0d559a0, 24 [pid 6444] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6446] <... set_robust_list resumed>) = 0 [pid 6444] <... futex resumed>) = 0 [pid 6444] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6446] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6446] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6444] <... futex resumed>) = ? [pid 6445] <... futex resumed>) = ? [pid 6445] +++ killed by SIGBUS +++ [pid 6446] +++ killed by SIGBUS +++ [pid 6444] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6444, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./472", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./472/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./472/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./472/binderfs") = 0 [ 126.132847][ T6445] loop0: detected capacity change from 0 to 2048 [ 126.144944][ T6445] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./472/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./472/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./472/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./472/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./472") = 0 mkdir("./473", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6447 ./strace-static-x86_64: Process 6447 attached [pid 6447] set_robust_list(0x5555562186a0, 24) = 0 [pid 6447] chdir("./473") = 0 [pid 6447] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6447] setpgid(0, 0) = 0 [pid 6447] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6447] write(3, "1000", 4) = 4 [pid 6447] close(3) = 0 [pid 6447] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6447] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6447] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6447] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6448 attached => {parent_tid=[6448]}, 88) = 6448 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6447] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6448] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6448] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6448] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6448] memfd_create("syzkaller", 0) = 3 [pid 6448] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6448] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6448] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6448] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6448] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6448] close(3) = 0 [pid 6448] mkdir("./file0", 0777) = 0 [pid 6448] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6448] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6448] chdir("./file0") = 0 [pid 6448] ioctl(4, LOOP_CLR_FD) = 0 [pid 6448] close(4) = 0 [pid 6448] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6448] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 0 [pid 6448] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6447] <... futex resumed>) = 1 [pid 6447] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] <... open resumed>) = 4 [pid 6448] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6448] <... futex resumed>) = 1 [pid 6447] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6448] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6448] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6448] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] <... futex resumed>) = 0 [pid 6447] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6448] <... futex resumed>) = 0 [pid 6448] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 6447] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6448] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6448] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6447] <... mprotect resumed>) = 0 [pid 6447] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6447] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6449]}, 88) = 6449 [pid 6447] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6447] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6447] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6449 attached [pid 6449] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6449] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6449] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6449] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6448] <... futex resumed>) = ? [pid 6447] <... futex resumed>) = ? [pid 6449] +++ killed by SIGBUS +++ [pid 6448] +++ killed by SIGBUS +++ [pid 6447] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6447, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./473", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./473/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./473/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./473/binderfs") = 0 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./473/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./473/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./473/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 [ 126.248042][ T6448] loop0: detected capacity change from 0 to 2048 [ 126.259573][ T6448] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(4) = 0 rmdir("./473/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./473") = 0 mkdir("./474", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6450 attached [pid 6450] set_robust_list(0x5555562186a0, 24) = 0 [pid 6450] chdir("./474") = 0 [pid 6450] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6450] setpgid(0, 0) = 0 [pid 6450] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6450] write(3, "1000", 4) = 4 [pid 6450] close(3) = 0 [pid 6450] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6450] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6450] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6450] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6451 attached => {parent_tid=[6451]}, 88) = 6451 [pid 6451] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6450] rt_sigprocmask(SIG_SETMASK, [], [pid 6451] set_robust_list(0x7f3dc90769a0, 24 [pid 6450] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6451] <... set_robust_list resumed>) = 0 [pid 6450] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6451] rt_sigprocmask(SIG_SETMASK, [], [pid 6450] <... futex resumed>) = 0 [pid 6451] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6450] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6451] memfd_create("syzkaller", 0) = 3 [pid 6451] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 5041] <... clone resumed>, child_tidptr=0x555556218690) = 6450 [pid 6451] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6451] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6451] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6451] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6451] close(3) = 0 [pid 6451] mkdir("./file0", 0777) = 0 [pid 6451] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6451] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6451] chdir("./file0") = 0 [pid 6451] ioctl(4, LOOP_CLR_FD) = 0 [pid 6451] close(4) = 0 [pid 6451] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6450] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] <... open resumed>) = 4 [pid 6451] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6450] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6451] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6451] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] <... futex resumed>) = 0 [pid 6450] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] <... futex resumed>) = 1 [pid 6450] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6451] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6450] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6451] <... mmap resumed>) = 0x20000000 [pid 6451] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6450] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6451] <... futex resumed>) = 0 [pid 6451] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6450] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6450] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6450] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6452]}, 88) = 6452 ./strace-static-x86_64: Process 6452 attached [pid 6450] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6450] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6452] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6450] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6452] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6452] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6452] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6451] <... futex resumed>) = ? [pid 6450] <... futex resumed>) = ? [pid 6452] +++ killed by SIGBUS +++ [pid 6451] +++ killed by SIGBUS +++ [pid 6450] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6450, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./474", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./474/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./474/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./474/binderfs") = 0 umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./474/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 [ 126.347172][ T6451] loop0: detected capacity change from 0 to 2048 [ 126.361470][ T6451] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./474/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./474/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./474/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./474") = 0 mkdir("./475", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6453 attached , child_tidptr=0x555556218690) = 6453 [pid 6453] set_robust_list(0x5555562186a0, 24) = 0 [pid 6453] chdir("./475") = 0 [pid 6453] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6453] setpgid(0, 0) = 0 [pid 6453] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6453] write(3, "1000", 4) = 4 [pid 6453] close(3) = 0 [pid 6453] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6453] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6453] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6453] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6454 attached [pid 6454] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6453] <... clone3 resumed> => {parent_tid=[6454]}, 88) = 6454 [pid 6454] <... rseq resumed>) = 0 [pid 6453] rt_sigprocmask(SIG_SETMASK, [], [pid 6454] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6453] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6454] rt_sigprocmask(SIG_SETMASK, [], [pid 6453] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6453] <... futex resumed>) = 0 [pid 6454] memfd_create("syzkaller", 0 [pid 6453] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6454] <... memfd_create resumed>) = 3 [pid 6454] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6454] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6454] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6454] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6454] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6454] close(3) = 0 [pid 6454] mkdir("./file0", 0777) = 0 [pid 6454] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6454] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6454] chdir("./file0") = 0 [pid 6454] ioctl(4, LOOP_CLR_FD) = 0 [pid 6454] close(4) = 0 [pid 6454] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6454] <... futex resumed>) = 1 [pid 6453] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6454] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... futex resumed>) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6453] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6454] <... open resumed>) = 5 [pid 6454] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... futex resumed>) = 0 [pid 6453] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... futex resumed>) = 1 [pid 6453] <... futex resumed>) = 0 [pid 6454] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6453] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6454] <... mmap resumed>) = 0x20000000 [pid 6453] <... futex resumed>) = 0 [pid 6453] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6453] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6454] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6453] <... mprotect resumed>) = 0 [pid 6454] <... futex resumed>) = 0 [pid 6454] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6453] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6453] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6455]}, 88) = 6455 [pid 6453] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6453] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6453] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6455 attached [pid 6455] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6455] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6455] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6455] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6454] <... futex resumed>) = ? [pid 6453] <... futex resumed>) = ? [pid 6455] +++ killed by SIGBUS +++ [pid 6454] +++ killed by SIGBUS +++ [pid 6453] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6453, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./475", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./475/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./475/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./475/binderfs") = 0 umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 [ 126.446210][ T6454] loop0: detected capacity change from 0 to 2048 [ 126.458462][ T6454] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./475/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./475/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./475/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./475/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./475") = 0 mkdir("./476", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6456 ./strace-static-x86_64: Process 6456 attached [pid 6456] set_robust_list(0x5555562186a0, 24) = 0 [pid 6456] chdir("./476") = 0 [pid 6456] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6456] setpgid(0, 0) = 0 [pid 6456] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6456] write(3, "1000", 4) = 4 [pid 6456] close(3) = 0 [pid 6456] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6456] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6456] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6456] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6457]}, 88) = 6457 [pid 6456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6456] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6456] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6457 attached [pid 6457] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6457] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6457] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6457] memfd_create("syzkaller", 0) = 3 [pid 6457] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6457] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6457] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6457] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6457] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6457] close(3) = 0 [pid 6457] mkdir("./file0", 0777) = 0 [pid 6457] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6457] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6457] chdir("./file0") = 0 [pid 6457] ioctl(4, LOOP_CLR_FD) = 0 [pid 6457] close(4) = 0 [pid 6457] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6457] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... futex resumed>) = 0 [pid 6456] <... futex resumed>) = 1 [pid 6457] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6456] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... open resumed>) = 4 [pid 6457] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6457] <... open resumed>) = 5 [pid 6457] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6456] <... futex resumed>) = 0 [pid 6456] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6456] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6457] <... mmap resumed>) = 0x20000000 [pid 6456] <... futex resumed>) = 0 [pid 6456] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6457] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6457] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6456] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6456] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6456] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6456] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6458 attached => {parent_tid=[6458]}, 88) = 6458 [pid 6456] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6456] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6458] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6456] <... futex resumed>) = 0 [pid 6458] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6458] rt_sigprocmask(SIG_SETMASK, [], [pid 6456] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6458] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6458] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6457] <... futex resumed>) = ? [pid 6456] <... futex resumed>) = ? [pid 6457] +++ killed by SIGBUS +++ [pid 6458] +++ killed by SIGBUS +++ [pid 6456] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6456, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./476", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./476/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./476/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./476/binderfs") = 0 [ 126.559546][ T6457] loop0: detected capacity change from 0 to 2048 [ 126.570894][ T6457] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./476/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./476/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./476/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./476/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./476") = 0 mkdir("./477", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6459 ./strace-static-x86_64: Process 6459 attached [pid 6459] set_robust_list(0x5555562186a0, 24) = 0 [pid 6459] chdir("./477") = 0 [pid 6459] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6459] setpgid(0, 0) = 0 [pid 6459] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6459] write(3, "1000", 4) = 4 [pid 6459] close(3) = 0 [pid 6459] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6459] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6459] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6459] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6460 attached => {parent_tid=[6460]}, 88) = 6460 [pid 6460] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6459] rt_sigprocmask(SIG_SETMASK, [], [pid 6460] <... rseq resumed>) = 0 [pid 6459] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6460] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6459] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6459] <... futex resumed>) = 0 [pid 6460] memfd_create("syzkaller", 0 [pid 6459] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6460] <... memfd_create resumed>) = 3 [pid 6460] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6460] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6460] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6460] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6460] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6460] close(3) = 0 [pid 6460] mkdir("./file0", 0777) = 0 [pid 6460] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6460] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6460] chdir("./file0") = 0 [pid 6460] ioctl(4, LOOP_CLR_FD) = 0 [pid 6460] close(4) = 0 [pid 6460] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6460] <... futex resumed>) = 1 [pid 6459] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6460] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6459] <... futex resumed>) = 0 [pid 6459] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6460] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6459] <... futex resumed>) = 0 [pid 6460] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6460] <... futex resumed>) = 0 [pid 6460] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1<) = 1 [pid 6459] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6459] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6460] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6459] <... mprotect resumed>) = 0 [pid 6460] <... futex resumed>) = 0 [pid 6460] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6459] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6459] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6461]}, 88) = 6461 ./strace-static-x86_64: Process 6461 attached [pid 6459] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6459] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6459] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6461] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6461] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6461] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6461] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6459] <... futex resumed>) = ? [pid 6460] <... futex resumed>) = ? [pid 6460] +++ killed by SIGBUS +++ [pid 6461] +++ killed by SIGBUS +++ [pid 6459] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6459, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./477", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./477/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./477/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./477/binderfs") = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./477/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./477/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./477/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 [ 126.682272][ T6460] loop0: detected capacity change from 0 to 2048 [ 126.694135][ T6460] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./477/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./477") = 0 mkdir("./478", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6462 ./strace-static-x86_64: Process 6462 attached [pid 6462] set_robust_list(0x5555562186a0, 24) = 0 [pid 6462] chdir("./478") = 0 [pid 6462] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6462] setpgid(0, 0) = 0 [pid 6462] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6462] write(3, "1000", 4) = 4 [pid 6462] close(3) = 0 [pid 6462] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6462] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6462] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6462] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6463 attached => {parent_tid=[6463]}, 88) = 6463 [pid 6463] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6463] set_robust_list(0x7f3dc90769a0, 24 [pid 6462] rt_sigprocmask(SIG_SETMASK, [], [pid 6463] <... set_robust_list resumed>) = 0 [pid 6462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6463] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6462] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6463] memfd_create("syzkaller", 0) = 3 [pid 6463] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6463] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6463] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6463] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6463] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6463] close(3) = 0 [pid 6463] mkdir("./file0", 0777) = 0 [pid 6463] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6463] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6463] chdir("./file0") = 0 [pid 6463] ioctl(4, LOOP_CLR_FD) = 0 [pid 6463] close(4) = 0 [pid 6463] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6462] <... futex resumed>) = 0 [pid 6463] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6462] <... futex resumed>) = 0 [pid 6463] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6462] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... open resumed>) = 4 [pid 6463] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6463] <... futex resumed>) = 1 [pid 6463] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6463] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6462] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6463] <... futex resumed>) = 1 [pid 6462] <... futex resumed>) = 0 [pid 6463] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6462] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6463] <... mmap resumed>) = 0x20000000 [pid 6462] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6462] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6462] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6464 attached [pid 6464] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6464] set_robust_list(0x7f3dc0d559a0, 24 [pid 6463] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6462] <... clone3 resumed> => {parent_tid=[6464]}, 88) = 6464 [pid 6464] <... set_robust_list resumed>) = 0 [pid 6463] <... futex resumed>) = 0 [pid 6462] rt_sigprocmask(SIG_SETMASK, [], [pid 6464] rt_sigprocmask(SIG_SETMASK, [], [pid 6463] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6462] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6462] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6464] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6462] <... futex resumed>) = 0 [pid 6462] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6464] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6463] <... futex resumed>) = ? [pid 6463] +++ killed by SIGBUS +++ [pid 6464] +++ killed by SIGBUS +++ [pid 6462] <... futex resumed>) = ? [pid 6462] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6462, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./478", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./478/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./478/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./478/binderfs") = 0 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./478/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./478/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./478/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./478/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 126.790056][ T6463] loop0: detected capacity change from 0 to 2048 [ 126.801879][ T6463] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./478") = 0 mkdir("./479", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6465 ./strace-static-x86_64: Process 6465 attached [pid 6465] set_robust_list(0x5555562186a0, 24) = 0 [pid 6465] chdir("./479") = 0 [pid 6465] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6465] setpgid(0, 0) = 0 [pid 6465] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6465] write(3, "1000", 4) = 4 [pid 6465] close(3) = 0 [pid 6465] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6465] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6465] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6465] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6466 attached => {parent_tid=[6466]}, 88) = 6466 [pid 6466] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6465] rt_sigprocmask(SIG_SETMASK, [], [pid 6466] <... rseq resumed>) = 0 [pid 6465] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6466] set_robust_list(0x7f3dc90769a0, 24 [pid 6465] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... set_robust_list resumed>) = 0 [pid 6465] <... futex resumed>) = 0 [pid 6466] rt_sigprocmask(SIG_SETMASK, [], [pid 6465] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6466] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6466] memfd_create("syzkaller", 0) = 3 [pid 6466] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6466] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6466] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6466] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6466] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6466] close(3) = 0 [pid 6466] mkdir("./file0", 0777) = 0 [pid 6466] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6466] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6466] chdir("./file0") = 0 [pid 6466] ioctl(4, LOOP_CLR_FD) = 0 [pid 6466] close(4) = 0 [pid 6466] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6466] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6465] <... futex resumed>) = 0 [pid 6465] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] <... open resumed>) = 4 [pid 6466] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6465] <... futex resumed>) = 0 [pid 6466] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6465] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6466] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6466] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6465] <... futex resumed>) = 0 [pid 6465] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6466] <... futex resumed>) = 1 [pid 6465] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6466] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6465] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6466] <... mmap resumed>) = 0x20000000 [pid 6465] <... mprotect resumed>) = 0 [pid 6465] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6465] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6467]}, 88) = 6467 [pid 6465] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6465] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6465] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6466] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6467 attached [pid 6467] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6466] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6467] <... rseq resumed>) = 0 [pid 6467] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6467] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6467] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6466] <... futex resumed>) = ? [pid 6466] +++ killed by SIGBUS +++ [pid 6465] <... futex resumed>) = ? [pid 6467] +++ killed by SIGBUS +++ [pid 6465] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6465, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=5 /* 0.05 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./479", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./479/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./479/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./479/binderfs") = 0 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./479/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./479/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./479/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 [ 126.896665][ T6466] loop0: detected capacity change from 0 to 2048 [ 126.922478][ T6466] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./479/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./479") = 0 mkdir("./480", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6468 attached , child_tidptr=0x555556218690) = 6468 [pid 6468] set_robust_list(0x5555562186a0, 24) = 0 [pid 6468] chdir("./480") = 0 [pid 6468] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6468] setpgid(0, 0) = 0 [pid 6468] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6468] write(3, "1000", 4) = 4 [pid 6468] close(3) = 0 [pid 6468] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6468] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6468] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6468] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6469 attached [pid 6469] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6468] <... clone3 resumed> => {parent_tid=[6469]}, 88) = 6469 [pid 6469] set_robust_list(0x7f3dc90769a0, 24 [pid 6468] rt_sigprocmask(SIG_SETMASK, [], [pid 6469] <... set_robust_list resumed>) = 0 [pid 6468] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6469] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6468] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6469] memfd_create("syzkaller", 0) = 3 [pid 6469] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6469] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6469] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6469] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6469] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6469] close(3) = 0 [pid 6469] mkdir("./file0", 0777) = 0 [pid 6469] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6469] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6469] chdir("./file0") = 0 [pid 6469] ioctl(4, LOOP_CLR_FD) = 0 [pid 6469] close(4) = 0 [pid 6469] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] <... futex resumed>) = 0 [pid 6469] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6468] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] <... open resumed>) = 4 [pid 6469] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] <... futex resumed>) = 0 [pid 6469] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6468] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6469] <... open resumed>) = 5 [pid 6469] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6468] <... futex resumed>) = 0 [pid 6469] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6468] <... futex resumed>) = 0 [pid 6468] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6469] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6468] <... futex resumed>) = 0 [pid 6469] <... mmap resumed>) = 0x20000000 [pid 6468] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6469] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6468] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6469] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6468] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6468] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6470 attached [pid 6470] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6470] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6470] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6470] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6468] <... clone3 resumed> => {parent_tid=[6470]}, 88) = 6470 [pid 6468] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6468] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6470] <... futex resumed>) = 0 [pid 6468] <... futex resumed>) = 1 [pid 6468] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6470] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6469] <... futex resumed>) = ? [pid 6469] +++ killed by SIGBUS +++ [pid 6468] <... futex resumed>) = ? [pid 6470] +++ killed by SIGBUS +++ [pid 6468] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6468, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./480", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./480/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./480/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./480/binderfs") = 0 [ 127.015648][ T6469] loop0: detected capacity change from 0 to 2048 [ 127.026919][ T6469] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./480/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./480/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./480/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./480/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./480") = 0 mkdir("./481", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6471 attached , child_tidptr=0x555556218690) = 6471 [pid 6471] set_robust_list(0x5555562186a0, 24) = 0 [pid 6471] chdir("./481") = 0 [pid 6471] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6471] setpgid(0, 0) = 0 [pid 6471] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6471] write(3, "1000", 4) = 4 [pid 6471] close(3) = 0 [pid 6471] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6471] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6471] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6471] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6472 attached => {parent_tid=[6472]}, 88) = 6472 [pid 6472] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6471] rt_sigprocmask(SIG_SETMASK, [], [pid 6472] set_robust_list(0x7f3dc90769a0, 24 [pid 6471] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6472] <... set_robust_list resumed>) = 0 [pid 6471] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6472] rt_sigprocmask(SIG_SETMASK, [], [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6472] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6472] memfd_create("syzkaller", 0) = 3 [pid 6472] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6472] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6472] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6472] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6472] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6472] close(3) = 0 [pid 6472] mkdir("./file0", 0777) = 0 [pid 6472] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6472] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6472] chdir("./file0") = 0 [pid 6472] ioctl(4, LOOP_CLR_FD) = 0 [pid 6472] close(4) = 0 [pid 6472] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6472] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] <... futex resumed>) = 1 [pid 6472] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6472] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6471] <... futex resumed>) = 0 [pid 6471] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6471] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6472] <... futex resumed>) = 1 [pid 6471] <... mprotect resumed>) = 0 [pid 6472] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6471] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6471] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6473]}, 88) = 6473 [pid 6471] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6471] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6471] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6472] <... mmap resumed>) = 0x20000000 [pid 6472] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6472] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6473 attached [pid 6473] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6473] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6473] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6473] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6471] <... futex resumed>) = ? [pid 6472] <... futex resumed>) = ? [pid 6473] +++ killed by SIGBUS +++ [pid 6472] +++ killed by SIGBUS +++ [pid 6471] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6471, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./481", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./481/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./481/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./481/binderfs") = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./481/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./481/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./481/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./481/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 [ 127.111770][ T6472] loop0: detected capacity change from 0 to 2048 [ 127.123757][ T6472] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) rmdir("./481") = 0 mkdir("./482", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6474 attached , child_tidptr=0x555556218690) = 6474 [pid 6474] set_robust_list(0x5555562186a0, 24) = 0 [pid 6474] chdir("./482") = 0 [pid 6474] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6474] setpgid(0, 0) = 0 [pid 6474] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6474] write(3, "1000", 4) = 4 [pid 6474] close(3) = 0 [pid 6474] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6474] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6474] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6474] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6475]}, 88) = 6475 [pid 6474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6474] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 ./strace-static-x86_64: Process 6475 attached [pid 6474] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6475] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6475] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6475] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6475] memfd_create("syzkaller", 0) = 3 [pid 6475] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6475] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6475] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6475] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6475] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6475] close(3) = 0 [pid 6475] mkdir("./file0", 0777) = 0 [pid 6475] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6475] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6475] chdir("./file0") = 0 [pid 6475] ioctl(4, LOOP_CLR_FD) = 0 [pid 6475] close(4) = 0 [pid 6475] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6475] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6474] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... futex resumed>) = 0 [pid 6475] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6475] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... futex resumed>) = 1 [pid 6475] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6475] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6474] <... futex resumed>) = 0 [pid 6474] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6474] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6474] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6474] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6476]}, 88) = 6476 [pid 6474] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6474] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6474] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6475] <... futex resumed>) = 1 [pid 6475] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6476] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6476] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6476] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6476] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6475] <... mmap resumed>) = 0x20000000 [pid 6474] <... futex resumed>) = ? [pid 6476] +++ killed by SIGBUS +++ [pid 6475] +++ killed by SIGBUS +++ [pid 6474] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6474, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./482", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./482/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./482/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./482/binderfs") = 0 [ 127.208479][ T6475] loop0: detected capacity change from 0 to 2048 [ 127.218881][ T6475] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./482/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./482/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./482/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./482/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./482") = 0 mkdir("./483", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6477 ./strace-static-x86_64: Process 6477 attached [pid 6477] set_robust_list(0x5555562186a0, 24) = 0 [pid 6477] chdir("./483") = 0 [pid 6477] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6477] setpgid(0, 0) = 0 [pid 6477] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6477] write(3, "1000", 4) = 4 [pid 6477] close(3) = 0 [pid 6477] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6477] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6477] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6477] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6477] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6478 attached => {parent_tid=[6478]}, 88) = 6478 [pid 6478] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6477] rt_sigprocmask(SIG_SETMASK, [], [pid 6478] <... rseq resumed>) = 0 [pid 6478] set_robust_list(0x7f3dc90769a0, 24 [pid 6477] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6478] <... set_robust_list resumed>) = 0 [pid 6477] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] rt_sigprocmask(SIG_SETMASK, [], [pid 6477] <... futex resumed>) = 0 [pid 6478] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6477] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6478] memfd_create("syzkaller", 0) = 3 [pid 6478] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6478] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6478] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6478] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6478] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6478] close(3) = 0 [pid 6478] mkdir("./file0", 0777) = 0 [pid 6478] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6478] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6478] chdir("./file0") = 0 [pid 6478] ioctl(4, LOOP_CLR_FD) = 0 [pid 6478] close(4) = 0 [pid 6478] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6478] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6478] <... futex resumed>) = 0 [pid 6477] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6478] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6477] <... futex resumed>) = 0 [pid 6478] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6477] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6478] <... open resumed>) = 5 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6478] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6477] <... futex resumed>) = 0 [pid 6477] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6477] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6478] <... futex resumed>) = 1 [pid 6478] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6477] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6478] <... mmap resumed>) = 0x20000000 [pid 6477] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6477] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6477] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6478] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6477] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6478] <... futex resumed>) = 0 [pid 6477] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} [pid 6478] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL./strace-static-x86_64: Process 6479 attached [pid 6477] <... clone3 resumed> => {parent_tid=[6479]}, 88) = 6479 [pid 6477] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6477] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6479] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6479] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6479] rt_sigprocmask(SIG_SETMASK, [], [pid 6477] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6479] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6479] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6477] <... futex resumed>) = ? [pid 6478] <... futex resumed>) = ? [pid 6479] +++ killed by SIGBUS +++ [pid 6478] +++ killed by SIGBUS +++ [pid 6477] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6477, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./483", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./483/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./483/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./483/binderfs") = 0 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./483/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./483/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./483/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./483/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./483") = 0 mkdir("./484", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) [ 127.320685][ T6478] loop0: detected capacity change from 0 to 2048 [ 127.332379][ T6478] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6480 ./strace-static-x86_64: Process 6480 attached [pid 6480] set_robust_list(0x5555562186a0, 24) = 0 [pid 6480] chdir("./484") = 0 [pid 6480] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6480] setpgid(0, 0) = 0 [pid 6480] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6480] write(3, "1000", 4) = 4 [pid 6480] close(3) = 0 [pid 6480] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6480] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6480] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6480] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6481]}, 88) = 6481 ./strace-static-x86_64: Process 6481 attached [pid 6480] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6480] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6481] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6480] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6481] <... rseq resumed>) = 0 [pid 6481] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6481] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6481] memfd_create("syzkaller", 0) = 3 [pid 6481] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6481] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6481] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6481] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6481] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6481] close(3) = 0 [pid 6481] mkdir("./file0", 0777) = 0 [ 127.403034][ T6481] __do_sys_memfd_create: 36 callbacks suppressed [ 127.403052][ T6481] syz-executor183[6481]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 127.437534][ T6481] loop0: detected capacity change from 0 to 2048 [pid 6481] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6481] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6481] chdir("./file0") = 0 [pid 6481] ioctl(4, LOOP_CLR_FD) = 0 [pid 6481] close(4) = 0 [pid 6481] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... futex resumed>) = 1 [pid 6481] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6481] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6481] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6481] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6480] <... futex resumed>) = 0 [pid 6481] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6480] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6481] <... open resumed>) = 5 [pid 6481] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6480] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6480] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6480] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6481] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6480] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6481] <... mmap resumed>) = 0x20000000 [pid 6480] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6482 attached [pid 6482] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6482] set_robust_list(0x7f3dc0d559a0, 24 [pid 6480] <... clone3 resumed> => {parent_tid=[6482]}, 88) = 6482 [pid 6482] <... set_robust_list resumed>) = 0 [pid 6481] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6480] rt_sigprocmask(SIG_SETMASK, [], [pid 6482] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6481] <... futex resumed>) = 0 [pid 6480] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6482] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6481] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6480] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6482] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6480] <... futex resumed>) = 0 [pid 6480] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6482] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6481] <... futex resumed>) = ? [pid 6480] <... futex resumed>) = ? [pid 6482] +++ killed by SIGBUS +++ [pid 6481] +++ killed by SIGBUS +++ [pid 6480] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6480, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./484", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./484/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./484/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./484/binderfs") = 0 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./484/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./484/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./484/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./484/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./484") = 0 [ 127.449252][ T6481] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) mkdir("./485", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6483 ./strace-static-x86_64: Process 6483 attached [pid 6483] set_robust_list(0x5555562186a0, 24) = 0 [pid 6483] chdir("./485") = 0 [pid 6483] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6483] setpgid(0, 0) = 0 [pid 6483] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6483] write(3, "1000", 4) = 4 [pid 6483] close(3) = 0 [pid 6483] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6483] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6483] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6483] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6483] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6484 attached [pid 6484] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6483] <... clone3 resumed> => {parent_tid=[6484]}, 88) = 6484 [pid 6483] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6483] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6484] <... rseq resumed>) = 0 [pid 6484] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6484] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6484] memfd_create("syzkaller", 0) = 3 [pid 6484] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6484] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6484] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6484] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6484] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6484] close(3) = 0 [pid 6484] mkdir("./file0", 0777) = 0 [pid 6484] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6484] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6484] chdir("./file0") = 0 [pid 6484] ioctl(4, LOOP_CLR_FD) = 0 [pid 6484] close(4) = 0 [ 127.519503][ T6484] syz-executor183[6484]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 127.549100][ T6484] loop0: detected capacity change from 0 to 2048 [ 127.561020][ T6484] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6484] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6484] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = 0 [pid 6483] <... futex resumed>) = 1 [pid 6484] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6483] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... open resumed>) = 4 [pid 6484] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6484] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6483] <... futex resumed>) = 0 [pid 6484] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6483] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6484] <... open resumed>) = 5 [pid 6484] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6483] <... futex resumed>) = 0 [pid 6483] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6483] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6484] <... mmap resumed>) = 0x20000000 [pid 6483] <... mprotect resumed>) = 0 [pid 6484] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6483] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6484] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6483] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6483] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6485 attached [pid 6485] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6483] <... clone3 resumed> => {parent_tid=[6485]}, 88) = 6485 [pid 6485] <... rseq resumed>) = 0 [pid 6485] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6483] rt_sigprocmask(SIG_SETMASK, [], [pid 6485] rt_sigprocmask(SIG_SETMASK, [], [pid 6483] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6485] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6485] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6483] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6484] <... futex resumed>) = ? [pid 6483] <... futex resumed>) = ? [pid 6484] +++ killed by SIGBUS +++ [pid 6485] +++ killed by SIGBUS +++ [pid 6483] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6483, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./485", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./485/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./485/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./485/binderfs") = 0 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./485/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./485/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./485/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./485/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./485") = 0 mkdir("./486", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6486 attached , child_tidptr=0x555556218690) = 6486 [pid 6486] set_robust_list(0x5555562186a0, 24) = 0 [pid 6486] chdir("./486") = 0 [pid 6486] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6486] setpgid(0, 0) = 0 [pid 6486] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6486] write(3, "1000", 4) = 4 [pid 6486] close(3) = 0 [pid 6486] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6486] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6486] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6486] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6487 attached => {parent_tid=[6487]}, 88) = 6487 [pid 6487] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6486] rt_sigprocmask(SIG_SETMASK, [], [pid 6487] set_robust_list(0x7f3dc90769a0, 24 [pid 6486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6487] <... set_robust_list resumed>) = 0 [pid 6486] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] rt_sigprocmask(SIG_SETMASK, [], [pid 6486] <... futex resumed>) = 0 [pid 6487] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6486] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6487] memfd_create("syzkaller", 0) = 3 [pid 6487] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6487] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6487] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6487] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6487] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6487] close(3) = 0 [pid 6487] mkdir("./file0", 0777) = 0 [pid 6487] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6487] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6487] chdir("./file0") = 0 [pid 6487] ioctl(4, LOOP_CLR_FD) = 0 [pid 6487] close(4) = 0 [pid 6487] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6486] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6487] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6487] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6487] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] <... futex resumed>) = 0 [pid 6486] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = 0 [pid 6486] <... futex resumed>) = 1 [pid 6487] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6487] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6487] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6486] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = 0 [pid 6486] <... futex resumed>) = 1 [pid 6487] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6486] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6487] <... futex resumed>) = 0 [pid 6486] <... futex resumed>) = 0 [pid 6487] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6486] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6486] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6486] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0} => {parent_tid=[6488]}, 88) = 6488 ./strace-static-x86_64: Process 6488 attached [pid 6488] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6488] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6486] rt_sigprocmask(SIG_SETMASK, [], [pid 6488] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6486] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6488] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6486] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6488] <... futex resumed>) = 0 [pid 6486] <... futex resumed>) = 1 [pid 6486] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6488] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6487] <... futex resumed>) = ? [pid 6488] +++ killed by SIGBUS +++ [pid 6487] +++ killed by SIGBUS +++ [pid 6486] <... futex resumed>) = ? [pid 6486] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6486, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./486", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./486/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) [ 127.639476][ T6487] syz-executor183[6487]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 127.667134][ T6487] loop0: detected capacity change from 0 to 2048 [ 127.679023][ T6487] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) newfstatat(AT_FDCWD, "./486/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./486/binderfs") = 0 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./486/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./486/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./486/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./486/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./486") = 0 mkdir("./487", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6489 ./strace-static-x86_64: Process 6489 attached [pid 6489] set_robust_list(0x5555562186a0, 24) = 0 [pid 6489] chdir("./487") = 0 [pid 6489] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6489] setpgid(0, 0) = 0 [pid 6489] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6489] write(3, "1000", 4) = 4 [pid 6489] close(3) = 0 [pid 6489] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6489] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6489] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6489] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6489] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6490 attached => {parent_tid=[6490]}, 88) = 6490 [pid 6489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6489] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6490] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6490] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6490] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6490] memfd_create("syzkaller", 0) = 3 [pid 6490] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6490] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6490] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6490] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6490] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6490] close(3) = 0 [pid 6490] mkdir("./file0", 0777) = 0 [pid 6490] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6490] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6490] chdir("./file0") = 0 [pid 6490] ioctl(4, LOOP_CLR_FD) = 0 [pid 6490] close(4) = 0 [pid 6490] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6490] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6489] <... futex resumed>) = 0 [pid 6489] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] <... open resumed>) = 4 [pid 6490] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6490] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6489] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6490] <... open resumed>) = 5 [pid 6490] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6489] <... futex resumed>) = 0 [pid 6490] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6489] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6489] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6490] <... mmap resumed>) = 0x20000000 [pid 6489] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6489] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6490] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6489] <... mprotect resumed>) = 0 [pid 6489] rt_sigprocmask(SIG_BLOCK, ~[], [pid 6490] <... futex resumed>) = 0 [pid 6490] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6489] <... rt_sigprocmask resumed>[], 8) = 0 [pid 6489] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6491 attached [pid 6491] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6489] <... clone3 resumed> => {parent_tid=[6491]}, 88) = 6491 [pid 6491] <... rseq resumed>) = 0 [pid 6489] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6489] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6491] set_robust_list(0x7f3dc0d559a0, 24 [pid 6489] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6491] <... set_robust_list resumed>) = 0 [pid 6491] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6491] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6490] <... futex resumed>) = ? [pid 6489] <... futex resumed>) = ? [pid 6490] +++ killed by SIGBUS +++ [pid 6491] +++ killed by SIGBUS +++ [pid 6489] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6489, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=4 /* 0.04 s */} --- umount2("./487", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./487/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./487/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./487/binderfs") = 0 [ 127.775717][ T6490] syz-executor183[6490]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 127.798613][ T6490] loop0: detected capacity change from 0 to 2048 [ 127.809510][ T6490] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./487/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./487/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./487/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./487/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./487") = 0 mkdir("./488", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6492 attached , child_tidptr=0x555556218690) = 6492 [pid 6492] set_robust_list(0x5555562186a0, 24) = 0 [pid 6492] chdir("./488") = 0 [pid 6492] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6492] setpgid(0, 0) = 0 [pid 6492] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6492] write(3, "1000", 4) = 4 [pid 6492] close(3) = 0 [pid 6492] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6492] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6492] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6492] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0}./strace-static-x86_64: Process 6493 attached [pid 6493] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053 [pid 6492] <... clone3 resumed> => {parent_tid=[6493]}, 88) = 6493 [pid 6492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6492] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000} [pid 6493] <... rseq resumed>) = 0 [pid 6493] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6493] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6493] memfd_create("syzkaller", 0) = 3 [pid 6493] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6493] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6493] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6493] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6493] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6493] close(3) = 0 [pid 6493] mkdir("./file0", 0777) = 0 [pid 6493] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6493] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6493] chdir("./file0") = 0 [pid 6493] ioctl(4, LOOP_CLR_FD) = 0 [pid 6493] close(4) = 0 [pid 6493] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6493] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... futex resumed>) = 0 [pid 6492] <... futex resumed>) = 1 [pid 6493] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6492] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... open resumed>) = 4 [pid 6493] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6492] <... futex resumed>) = 0 [pid 6493] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6492] <... futex resumed>) = 0 [pid 6493] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6492] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6493] <... open resumed>) = 5 [pid 6493] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6492] <... futex resumed>) = 0 [pid 6493] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6492] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6493] <... mmap resumed>) = 0x20000000 [pid 6492] <... futex resumed>) = 0 [pid 6492] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6493] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6492] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6493] <... futex resumed>) = 0 [pid 6492] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE [pid 6493] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6492] <... mprotect resumed>) = 0 [pid 6492] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6492] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6494 attached => {parent_tid=[6494]}, 88) = 6494 [pid 6492] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6492] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6492] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6494] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6494] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6494] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6494] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6492] <... futex resumed>) = ? [pid 6493] <... futex resumed>) = ? [pid 6493] +++ killed by SIGBUS +++ [pid 6494] +++ killed by SIGBUS +++ [pid 6492] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6492, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=6 /* 0.06 s */} --- umount2("./488", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./488/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./488/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./488/binderfs") = 0 [ 127.891187][ T6493] syz-executor183[6493]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 127.913988][ T6493] loop0: detected capacity change from 0 to 2048 [ 127.924657][ T6493] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./488/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./488/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./488/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./488/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./488") = 0 mkdir("./489", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address) close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6495 attached , child_tidptr=0x555556218690) = 6495 [pid 6495] set_robust_list(0x5555562186a0, 24) = 0 [pid 6495] chdir("./489") = 0 [pid 6495] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6495] setpgid(0, 0) = 0 [pid 6495] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6495] write(3, "1000", 4) = 4 [pid 6495] close(3) = 0 [pid 6495] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6495] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6495] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6495] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6495] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6495] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6496]}, 88) = 6496 [pid 6495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6495] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6496 attached [pid 6496] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6496] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6496] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6496] memfd_create("syzkaller", 0) = 3 [pid 6496] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6496] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6496] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6496] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6496] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6496] close(3) = 0 [pid 6496] mkdir("./file0", 0777) = 0 [pid 6496] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6496] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6496] chdir("./file0") = 0 [pid 6496] ioctl(4, LOOP_CLR_FD) = 0 [pid 6496] close(4) = 0 [pid 6496] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6496] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6495] <... futex resumed>) = 0 [pid 6496] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6495] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... open resumed>) = 4 [pid 6496] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6495] <... futex resumed>) = 0 [pid 6496] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6496] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6495] <... futex resumed>) = 0 [pid 6496] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6495] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6496] <... open resumed>) = 5 [pid 6496] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6495] <... futex resumed>) = 0 [pid 6495] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0 [pid 6496] <... futex resumed>) = 1 [pid 6495] <... mmap resumed>) = 0x7f3dc0d35000 [pid 6496] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6496] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6496] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6495] <... clone3 resumed> => {parent_tid=[6497]}, 88) = 6497 [pid 6495] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6495] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6495] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}./strace-static-x86_64: Process 6497 attached [pid 6497] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053) = 0 [pid 6497] set_robust_list(0x7f3dc0d559a0, 24) = 0 [pid 6497] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6497] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6496] <... futex resumed>) = ? [pid 6497] +++ killed by SIGBUS +++ [pid 6496] +++ killed by SIGBUS +++ [pid 6495] <... futex resumed>) = ? [pid 6495] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6495, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- restart_syscall(<... resuming interrupted clone ...>) = 0 umount2("./489", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./489/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./489/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./489/binderfs") = 0 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./489/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./489/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./489/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./489/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./489") = 0 mkdir("./490", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 [ 127.993451][ T6496] syz-executor183[6496]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 128.017411][ T6496] loop0: detected capacity change from 0 to 2048 [ 128.028792][ T6496] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6498 ./strace-static-x86_64: Process 6498 attached [pid 6498] set_robust_list(0x5555562186a0, 24) = 0 [pid 6498] chdir("./490") = 0 [pid 6498] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6498] setpgid(0, 0) = 0 [pid 6498] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6498] write(3, "1000", 4) = 4 [pid 6498] close(3) = 0 [pid 6498] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6498] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6498] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6498] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6498] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6498] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6498] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6499]}, 88) = 6499 [pid 6498] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6498] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6499 attached [pid 6499] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6499] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6499] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6499] memfd_create("syzkaller", 0) = 3 [pid 6499] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6499] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6499] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6499] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6499] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6499] close(3) = 0 [pid 6499] mkdir("./file0", 0777) = 0 [pid 6499] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6499] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6499] chdir("./file0") = 0 [pid 6499] ioctl(4, LOOP_CLR_FD) = 0 [pid 6499] close(4) = 0 [pid 6499] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6498] <... futex resumed>) = 0 [pid 6499] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... futex resumed>) = -1 EAGAIN (Resource temporarily unavailable) [pid 6498] <... futex resumed>) = 0 [pid 6499] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000 [pid 6498] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6499] <... open resumed>) = 4 [pid 6499] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6499] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] <... futex resumed>) = 0 [pid 6498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... futex resumed>) = 0 [pid 6499] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6499] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6499] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6498] <... futex resumed>) = 1 [pid 6498] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 EAGAIN (Resource temporarily unavailable) [pid 6498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... futex resumed>) = 0 [pid 6499] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6498] <... futex resumed>) = 1 [pid 6498] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6499] <... futex resumed>) = 0 [pid 6499] --- SIGBUS {si_signo=SIGBUS, si_code=BUS_ADRERR, si_addr=0x20000084} --- [pid 6499] +++ killed by SIGBUS +++ [pid 6498] <... futex resumed>) = ? [pid 6498] +++ killed by SIGBUS +++ --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6498, si_uid=0, si_status=SIGBUS, si_utime=0, si_stime=3 /* 0.03 s */} --- umount2("./490", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(3, 0x555556219730 /* 4 entries */, 32768) = 112 umount2("./490/binderfs", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./490/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0 unlink("./490/binderfs") = 0 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = 0 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) newfstatat(AT_FDCWD, "./490/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0 umount2("./490/file0", MNT_DETACH|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument) openat(AT_FDCWD, "./490/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4 newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0 getdents64(4, 0x555556221770 /* 2 entries */, 32768) = 48 getdents64(4, 0x555556221770 /* 0 entries */, 32768) = 0 close(4) = 0 rmdir("./490/file0") = 0 getdents64(3, 0x555556219730 /* 0 entries */, 32768) = 0 close(3) = 0 rmdir("./490") = 0 mkdir("./491", 0777) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3 ioctl(3, LOOP_CLR_FD) = 0 close(3) = 0 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x555556218690) = 6500 ./strace-static-x86_64: Process 6500 attached [pid 6500] set_robust_list(0x5555562186a0, 24) = 0 [pid 6500] chdir("./491") = 0 [pid 6500] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0 [pid 6500] setpgid(0, 0) = 0 [ 128.087877][ T6499] syz-executor183[6499]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 128.118003][ T6499] loop0: detected capacity change from 0 to 2048 [ 128.128552][ T6499] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [pid 6500] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3 [pid 6500] write(3, "1000", 4) = 4 [pid 6500] close(3) = 0 [pid 6500] symlink("/dev/binderfs", "./binderfs") = 0 [pid 6500] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] rt_sigaction(SIGRT_1, {sa_handler=0x7f3dc90dff70, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f3dc90d1120}, NULL, 8) = 0 [pid 6500] rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 [pid 6500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc9056000 [pid 6500] mprotect(0x7f3dc9057000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc9076990, parent_tid=0x7f3dc9076990, exit_signal=0, stack=0x7f3dc9056000, stack_size=0x20300, tls=0x7f3dc90766c0} => {parent_tid=[6501]}, 88) = 6501 [pid 6500] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6500] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=4, tv_nsec=50000000}./strace-static-x86_64: Process 6501 attached [pid 6501] rseq(0x7f3dc9076fe0, 0x20, 0, 0x53053053) = 0 [pid 6501] set_robust_list(0x7f3dc90769a0, 24) = 0 [pid 6501] rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 [pid 6501] memfd_create("syzkaller", 0) = 3 [pid 6501] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f3dc0c56000 [pid 6501] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 1048576) = 1048576 [pid 6501] munmap(0x7f3dc0c56000, 1048576) = 0 [pid 6501] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 [pid 6501] ioctl(4, LOOP_SET_FD, 3) = 0 [pid 6501] close(3) = 0 [pid 6501] mkdir("./file0", 0777) = 0 [ 128.174394][ T6501] syz-executor183[6501]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 128.209146][ T6501] loop0: detected capacity change from 0 to 2048 [pid 6501] mount("/dev/loop0", "./file0", "udf", MS_NODEV|MS_SYNCHRONOUS, "") = 0 [pid 6501] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [pid 6501] chdir("./file0") = 0 [pid 6501] ioctl(4, LOOP_CLR_FD) = 0 [pid 6501] close(4) = 0 [pid 6501] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6501] futex(0x7f3dc91426c8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6500] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6501] <... futex resumed>) = 0 [pid 6501] open("./bus", O_RDWR|O_CREAT|O_NOCTTY|O_TRUNC|O_SYNC|O_LARGEFILE|O_NOATIME|0x3c, 000) = 4 [pid 6501] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6501] <... futex resumed>) = 1 [pid 6501] open("./bus", O_RDWR|O_CREAT|O_TRUNC|O_SYNC|O_DIRECT|O_LARGEFILE|O_NOATIME|0x3c, 000) = 5 [pid 6501] futex(0x7f3dc91426cc, FUTEX_WAKE_PRIVATE, 1000000 [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 0 [pid 6500] mmap(NULL, 135168, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f3dc0d35000 [pid 6500] mprotect(0x7f3dc0d36000, 131072, PROT_READ|PROT_WRITE) = 0 [pid 6500] rt_sigprocmask(SIG_BLOCK, ~[], [], 8) = 0 [pid 6500] clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f3dc0d55990, parent_tid=0x7f3dc0d55990, exit_signal=0, stack=0x7f3dc0d35000, stack_size=0x20300, tls=0x7f3dc0d556c0}./strace-static-x86_64: Process 6502 attached [pid 6502] rseq(0x7f3dc0d55fe0, 0x20, 0, 0x53053053 [pid 6500] <... clone3 resumed> => {parent_tid=[6502]}, 88) = 6502 [pid 6502] <... rseq resumed>) = 0 [pid 6502] set_robust_list(0x7f3dc0d559a0, 24 [pid 6500] rt_sigprocmask(SIG_SETMASK, [], [pid 6502] <... set_robust_list resumed>) = 0 [pid 6500] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6502] rt_sigprocmask(SIG_SETMASK, [], [pid 6500] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6502] <... rt_sigprocmask resumed>NULL, 8) = 0 [pid 6500] <... futex resumed>) = 0 [pid 6502] open("./bus", O_RDWR|O_NOCTTY|O_SYNC|O_NOATIME|0x3c [pid 6500] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... open resumed>) = 6 [pid 6502] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6500] <... futex resumed>) = 0 [pid 6502] write(6, "\x2e\x2f\x66\x69\x6c\x65\x30\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 34136651 [pid 6500] futex(0x7f3dc91426d8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... futex resumed>) = 1 [pid 6501] mmap(0x20000000, 6291456, PROT_READ|PROT_WRITE|PROT_EXEC|PROT_SEM|PROT_GROWSUP|0x7ffff0, MAP_SHARED|MAP_FIXED|MAP_LOCKED|1< [pid 6500] <... futex resumed>) = 0 [pid 6500] futex(0x7f3dc91426dc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000} [pid 6502] <... write resumed>) = -1 EFAULT (Bad address) [pid 6502] futex(0x7f3dc91426dc, FUTEX_WAKE_PRIVATE, 1000000) = 1 [pid 6500] <... futex resumed>) = 0 [pid 6502] futex(0x7f3dc91426d8, FUTEX_WAIT_PRIVATE, 0, NULL [pid 6500] futex(0x7f3dc91426c8, FUTEX_WAKE_PRIVATE, 1000000 [pid 6501] <... futex resumed>) = 0 [pid 6500] <... futex resumed>) = 1 [pid 6501] ftruncate(4, 2 [ 128.229209][ T6501] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 128.269740][ T6501] ------------[ cut here ]------------ [ 128.275426][ T6501] WARNING: CPU: 0 PID: 6501 at fs/udf/inode.c:666 udf_setsize+0xa23/0x1150 [ 128.284193][ T6501] Modules linked in: [ 128.288070][ T6501] CPU: 0 PID: 6501 Comm: syz-executor183 Not tainted 6.5.0-next-20230831-syzkaller #0 [ 128.297678][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 128.307771][ T6501] RIP: 0010:udf_setsize+0xa23/0x1150 [pid 6500] futex(0x7f3dc91426cc, FUTEX_WAIT_PRIVATE, 0, {tv_sec=0, tv_nsec=50000000}) = -1 ETIMEDOUT (Connection timed out) [ 128.313098][ T6501] Code: ad 96 fe 85 db 0f 84 44 04 00 00 e8 97 b1 96 fe be 01 00 00 00 4c 89 ff e8 7a dd fe ff 45 31 e4 e9 0d f9 ff ff e8 7d b1 96 fe <0f> 0b e9 8d fc ff ff e8 71 b1 96 fe 49 8d bf d0 fe ff ff 44 29 eb [ 128.332776][ T6501] RSP: 0018:ffffc90005cefb78 EFLAGS: 00010293 [ 128.338898][ T6501] RAX: 0000000000000000 RBX: 0000000000000400 RCX: 0000000000000000 [ 128.346928][ T6501] RDX: ffff888024685940 RSI: ffffffff82f12d63 RDI: 0000000000000006 [ 128.354989][ T6501] RBP: ffffc90005cefd28 R08: 0000000000000006 R09: 0000000000000400 [ 128.362977][ T6501] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000200 [ 128.370978][ T6501] R13: ffff888043d02efa R14: 0000000000000000 R15: ffff888043d02e30 [ 128.378979][ T6501] FS: 00007f3dc90766c0(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000 [ 128.387943][ T6501] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.394566][ T6501] CR2: 00007f3dc0d55d58 CR3: 000000002737d000 CR4: 00000000003506f0 [ 128.402813][ T6501] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 128.410812][ T6501] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [pid 6500] exit_group(0) = ? [ 128.418822][ T6501] Call Trace: [ 128.422117][ T6501] [ 128.425091][ T6501] ? show_regs+0x8f/0xa0 [ 128.429354][ T6501] ? __warn+0xe6/0x380 [ 128.433461][ T6501] ? udf_setsize+0xa23/0x1150 [ 128.438159][ T6501] ? report_bug+0x3bc/0x580 [ 128.442680][ T6501] ? handle_bug+0x3c/0x70 [ 128.447053][ T6501] ? exc_invalid_op+0x17/0x40 [ 128.451755][ T6501] ? asm_exc_invalid_op+0x1a/0x20 [ 128.456839][ T6501] ? udf_setsize+0xa23/0x1150 [ 128.461530][ T6501] ? udf_setsize+0xa23/0x1150 [pid 6502] <... futex resumed>) = ? [pid 6502] +++ exited with 0 +++ [ 128.466270][ T6501] ? udf_setsize+0xa23/0x1150 [ 128.470985][ T6501] ? udf_bread+0x4c0/0x4c0 [ 128.475463][ T6501] ? tomoyo_path_perm+0x297/0x450 [ 128.480528][ T6501] ? __kmem_cache_free+0xb8/0x2f0 [ 128.485634][ T6501] ? rcu_is_watching+0x12/0xb0 [ 128.490413][ T6501] ? ktime_get_coarse_real_ts64+0x1b7/0x200 [ 128.496353][ T6501] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 128.502272][ T6501] ? inode_newsize_ok+0x13c/0x200 [ 128.507333][ T6501] ? setattr_prepare+0x140/0x9b0 [ 128.512279][ T6501] ? evm_inode_setattr+0x7d/0x620 [ 128.517336][ T6501] udf_setattr+0x4a4/0x5e0 [ 128.521765][ T6501] ? security_inode_setattr+0x109/0x170 [ 128.527351][ T6501] ? udf_file_write_iter+0x740/0x740 [ 128.532656][ T6501] notify_change+0x742/0x11c0 [ 128.537367][ T6501] do_truncate+0x15c/0x220 [ 128.541807][ T6501] ? file_open_root+0x450/0x450 [ 128.546709][ T6501] ? common_perm_cond+0x242/0x850 [ 128.551755][ T6501] do_sys_ftruncate+0x6a2/0x790 [ 128.556642][ T6501] do_syscall_64+0x38/0xb0 [ 128.561068][ T6501] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.567001][ T6501] RIP: 0033:0x7f3dc90b9b59 [ 128.571431][ T6501] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 128.591163][ T6501] RSP: 002b:00007f3dc9076218 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 128.599628][ T6501] RAX: ffffffffffffffda RBX: 00007f3dc91426c8 RCX: 00007f3dc90b9b59 [ 128.607644][ T6501] RDX: 00007f3dc90b9b59 RSI: 0000000000000002 RDI: 0000000000000004 [ 128.615657][ T6501] RBP: 00007f3dc91426c0 R08: 0000000000000000 R09: 0000000000000000 [ 128.623670][ T6501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3dc910ee00 [ 128.631673][ T6501] R13: 00007f3dc910e208 R14: 00007f3dc910e0c0 R15: 0030656c69662f2e [ 128.639699][ T6501] [ 128.642722][ T6501] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 128.649989][ T6501] CPU: 0 PID: 6501 Comm: syz-executor183 Not tainted 6.5.0-next-20230831-syzkaller #0 [ 128.659523][ T6501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/26/2023 [ 128.669567][ T6501] Call Trace: [ 128.672841][ T6501] [ 128.675763][ T6501] dump_stack_lvl+0xd9/0x1b0 [ 128.680357][ T6501] panic+0x6a6/0x750 [ 128.684259][ T6501] ? panic_smp_self_stop+0xa0/0xa0 [ 128.689396][ T6501] ? udf_setsize+0xa23/0x1150 [ 128.694075][ T6501] check_panic_on_warn+0xab/0xb0 [ 128.699009][ T6501] __warn+0xf2/0x380 [ 128.702906][ T6501] ? udf_setsize+0xa23/0x1150 [ 128.707606][ T6501] report_bug+0x3bc/0x580 [ 128.711955][ T6501] handle_bug+0x3c/0x70 [ 128.716123][ T6501] exc_invalid_op+0x17/0x40 [ 128.720622][ T6501] asm_exc_invalid_op+0x1a/0x20 [ 128.725507][ T6501] RIP: 0010:udf_setsize+0xa23/0x1150 [ 128.730798][ T6501] Code: ad 96 fe 85 db 0f 84 44 04 00 00 e8 97 b1 96 fe be 01 00 00 00 4c 89 ff e8 7a dd fe ff 45 31 e4 e9 0d f9 ff ff e8 7d b1 96 fe <0f> 0b e9 8d fc ff ff e8 71 b1 96 fe 49 8d bf d0 fe ff ff 44 29 eb [ 128.750405][ T6501] RSP: 0018:ffffc90005cefb78 EFLAGS: 00010293 [ 128.756485][ T6501] RAX: 0000000000000000 RBX: 0000000000000400 RCX: 0000000000000000 [ 128.764470][ T6501] RDX: ffff888024685940 RSI: ffffffff82f12d63 RDI: 0000000000000006 [ 128.772447][ T6501] RBP: ffffc90005cefd28 R08: 0000000000000006 R09: 0000000000000400 [ 128.780428][ T6501] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000200 [ 128.788405][ T6501] R13: ffff888043d02efa R14: 0000000000000000 R15: ffff888043d02e30 [ 128.796389][ T6501] ? udf_setsize+0xa23/0x1150 [ 128.801093][ T6501] ? udf_setsize+0xa23/0x1150 [ 128.805789][ T6501] ? udf_bread+0x4c0/0x4c0 [ 128.810215][ T6501] ? tomoyo_path_perm+0x297/0x450 [ 128.815257][ T6501] ? __kmem_cache_free+0xb8/0x2f0 [ 128.820302][ T6501] ? rcu_is_watching+0x12/0xb0 [ 128.825086][ T6501] ? ktime_get_coarse_real_ts64+0x1b7/0x200 [ 128.830995][ T6501] ? ktime_get_coarse_real_ts64+0x147/0x200 [ 128.836913][ T6501] ? inode_newsize_ok+0x13c/0x200 [ 128.841958][ T6501] ? setattr_prepare+0x140/0x9b0 [ 128.846897][ T6501] ? evm_inode_setattr+0x7d/0x620 [ 128.851937][ T6501] udf_setattr+0x4a4/0x5e0 [ 128.856449][ T6501] ? security_inode_setattr+0x109/0x170 [ 128.862006][ T6501] ? udf_file_write_iter+0x740/0x740 [ 128.867299][ T6501] notify_change+0x742/0x11c0 [ 128.871984][ T6501] do_truncate+0x15c/0x220 [ 128.876420][ T6501] ? file_open_root+0x450/0x450 [ 128.881289][ T6501] ? common_perm_cond+0x242/0x850 [ 128.886324][ T6501] do_sys_ftruncate+0x6a2/0x790 [ 128.891196][ T6501] do_syscall_64+0x38/0xb0 [ 128.895645][ T6501] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 128.901551][ T6501] RIP: 0033:0x7f3dc90b9b59 [ 128.905975][ T6501] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 b1 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 128.925585][ T6501] RSP: 002b:00007f3dc9076218 EFLAGS: 00000246 ORIG_RAX: 000000000000004d [ 128.934002][ T6501] RAX: ffffffffffffffda RBX: 00007f3dc91426c8 RCX: 00007f3dc90b9b59 [ 128.941975][ T6501] RDX: 00007f3dc90b9b59 RSI: 0000000000000002 RDI: 0000000000000004 [ 128.949945][ T6501] RBP: 00007f3dc91426c0 R08: 0000000000000000 R09: 0000000000000000 [ 128.957950][ T6501] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f3dc910ee00 [ 128.965923][ T6501] R13: 00007f3dc910e208 R14: 00007f3dc910e0c0 R15: 0030656c69662f2e [ 128.973910][ T6501] [ 128.977115][ T6501] Kernel Offset: disabled [ 128.981425][ T6501] Rebooting in 86400 seconds..